CCIE
CCNP
CCNA
CCENT

CCNP Routing and Switching Version 2

validates the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks
CCNP Module

• ROUTE (300-101)
  - Implementing Cisco IP Routing
• SWITCH (300-115)
  - Implementing Cisco IP Switched Networks
• TSHOOT (300-135)
  - Troubleshooting and Maintaining Cisco IP Networks

CCNP Certification exam

• Pre-requisites: valid Cisco CCNA Routing and Switching Certification

Exam Details:

Register             : Pearson VUE
Duration             : 120 minutes
Number of questions  : 45-65 questions (R&S)
                     : 15-25 questions (TSHOOT)
Available Languages  : English
Type of Question     : Multiple choice, Testlet, Drag and Drop, Simulated Lab, Simlets
Passing Score        : 790/1000
• Two Versions of Addressing Scheme
  - IP version 4 - 32 bit addressing
  - IP version 6 - 128 bit addressing

Total IPv4 Addressing Scheme is divided into 5 Classes

• CLASS A - LAN and WAN - Unicast
• CLASS B - LAN and WAN - Unicast
• CLASS C - LAN and WAN - Unicast
• CLASS D - Multicasting
• CLASS E - Research and Development

Class     Range                           Octet Format   Subnet Mask     Cisco / Notation
Class A   0.0.0.0 to 127.255.255.255      N.H.H.H        255.0.0.0       /8
Class B   128.0.0.0 to 191.255.255.255    N.N.H.H        255.255.0.0     /16
Class C   192.0.0.0 to 223.255.255.255    N.N.N.H        255.255.255.0   /24
Class D   224.0.0.0 to 239.255.255.255    N/A            N/A             N/A
Class E   240.0.0.0 to 255.255.255.255    N/A            N/A             N/A
What is a Router ?

• A Router is an internetworking Device.
• It routes the packet from one logical network to another logical network
• It has two main functions.
  - Determination of best path towards destination.
  - Switching packet from inbound interface to outbound interface.

Routing

• Forwarding the packet from one network to other network.
• Routing is enabled by default

To enable or disable IP Routing
Router(config)# [no] ip routing
Types of Routing

• Static Routing
• Dynamic Routing

Static Routing

• Manually configured by Administrator
• Administrative distance is 1
• Destination network should be known
• Routing based on next hop IP address or exit interface
• Secure and fast

Static Routing Configuration

[Figure: static routing topology with networks 192.168.0.0/24 and 192.168.1.128/26]

Static Default Route

• Static default route will be used for unknown destinations
• It may be used for accessing the Internet.
• It can also be used on a Stub router.
• It is the least preferred route in the routing table.
• The router uses this route only when it cannot find a more suitable match in the routing table.

Default route configuration.

Static and Default routing Example

Static and Default Route configuration

Floating Static Route

• Floating static routes are static routes that are used to provide a backup path to a primary static route, in the event of a link failure.
• The floating static route is only used when the primary route is not available.
• To accomplish this, the floating static route is configured with a higher administrative distance than the primary static route.

Floating Static Route Configuration
! The trailing 7 is the administrative distance of the backup (floating) route;
! the primary route keeps the static default of 1.
R1(config)# ip route 15.1.0.0 255.255.255.0 65.0.0.2
R1(config)# ip route 15.1.0.0 255.255.255.0 66.0.0.2 7



Dynamic Routing Protocol

Dynamic routing protocols exchange routing information with the neighbors and build the routing table automatically

Administrator needs to advertise only the directly connected networks
Any changes in the network topology are automatically updated

[Figure: Dynamic Routing Protocol. Interior Gateway Protocol (IGP): Distance Vector Routing Protocol (RIPv1, IGRP), Link-State Routing Protocol. Exterior Gateway Protocol (EGP): Path Vector Routing Protocol]

Types of Dynamic Routing Protocols

• Distance Vector Routing Protocol (RIP, IGRP)
• Link State Routing Protocol (OSPF, IS-IS)
• Advanced Distance Vector Routing Protocol (EIGRP)
• Path Vector Protocol (BGP)
Summarization

• Combining the contiguous addresses into one and advertising it to the neighbor Router
• Advantages
  - Minimizing the routing table entries
  - Less use of resources like memory, processor, bandwidth
  - Fewer updates
• There are two types of Summarization
  - Auto summary
  - Manual summary

Auto Summary

• Subnets at a major network boundary will be summarized into classful updates
• A classful routing protocol does auto summary by default and it cannot be turned off
• Routing protocols like RIPv2, EIGRP, BGPv4 support auto summary
• Link state routing protocols, i.e. OSPF and IS-IS, do not support auto summary
Auto Summary

[Figure: routers A, B, C and D with networks 10.10.0.0/16, 10.20.0.0/16, 192.168.20.0/24, 172.16.1.0/24 and 172.16.2.0/24; 172.16.0.0/16 is advertised as the auto summary]

Routing table of A

Networks          Int
10.20.0.0/16      E0
10.10.0.0/16      S0
192.168.20.0/24   S0
172.16.0.0/16     S0

Routing table of B

Networks          Int
192.168.20.0/24   S0
10.10.0.0/16      S1
10.20.0.0/16      S1
172.16.0.0/16     S0

Routing table of C

Networks          Int
172.16.1.0/24     S0
192.168.20.0/24   S1
10.0.0.0/8        S1
172.16.2.0/24     S0

Routing table of D

Networks          Int
172.16.2.0/24     E0
172.16.1.0/24     S1
10.0.0.0/8        S1
192.168.20.0/24   S1
Manual summary

• Administrator manually configures Summarization
• Summary address contains networks in 2^n subnets (FLSM)
• It is supported by all classless routing protocols

Routing Protocol Selection

EIGRP Features

• Open Standard
• Advanced distance-vector routing protocol
• Diffusing update algorithm (DUAL)
• Administrative distance is 90-internal, 170-external
• Classless
• Support FLSM, VLSM, CIDR, Auto and Manual summary
• Metric = composite metric (32 bits)
  - Bandwidth, load, delay, reliability
• Updates are sent as multicast (224.0.0.10) or unicast
• Incremental / triggered update
• Very fast convergence
• Max hops = 255 (default is 100 hops)
• Load balancing on 4 equal cost paths (Default)
• Max 16 paths (equal or unequal cost paths)
• It supports multiple routed protocols (IP, IPX, AppleTalk)
• EIGRP uses protocol no 88

Key Technologies of EIGRP

• Neighbor discovery
• Reliable Transport Protocol (RTP)
• DUAL Algorithm
• Protocol Dependent Modules (PDM)
EIGRP Tables

• Neighbor table
  List of directly connected routers running EIGRP in same autonomous system
• Topology Table
  List of all routes learned from its directly connected neighbors
• Routing table
  List of best paths towards each destination

Components of EIGRP

• Link Local Distance - Distance from Router to Neighbor Router
• Advertised Distance - Distance from Neighbor Router to Destination
• Feasible Distance - Link Local Distance + Advertised Distance
• Successor - Best Path to reach destination
• Feasible Successor - Second Best Path to reach destination

EIGRP Tables

Neighbor Table of Router A

Neighbor   Interface
B          S0
C          S1

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8   B    1000   2000   S
             C    1500   2500

Routing Table of Router A

Network      Next Hop   FD
10.0.0.0/8   B          2000
EIGRP metric calculation

EIGRP Metric = [K1 * BW + ((K2 * BW) / (256 - load)) + K3 * delay]

• Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0)
• EIGRP Metric
  - BW = (10^7 / lowest Bandwidth in kbps) * 256
  - Delay = (sum of total delay / 10) * 256

EIGRP Metrics Calculation Example

[Figure: path from A to 192.168.2.0/24 over interfaces S0, S1 and E0, with three links: Delay = 20000 µs, BW = 2000 K; Delay = 20000 µs, BW = 256 K; Delay = 1000 µs, BW = 10000 K]

• Delay is the sum of all the delays of the links along the paths:
  Delay = [delay in tens of microseconds] x 256
• Bandwidth is the lowest bandwidth of the links along the paths:
  Bandwidth = [10,000,000 / (bandwidth in kbps)] x 256

A -> 192.168.2.0

Least bandwidth 256 kbps, total delay 41,000

Composite Metric = [[10000000/256] x 256] + [[41000/10] x 256]
                 = 10000000 + 1049600 = 11049600
EIGRP Packets

Hello Functions
• Neighbor Discovery
• Neighbor Formation
• Keep Alive

Update
• To exchange routing information with neighbor

Query
• Query message is generated when successor is down & Feasible Successor not available

Reply
• Reply Message is sent in response to query message

ACK
• For every Update, Query and Reply router will generate ACK message

Initial Route Discovery

[Figure: two routers exchange Hello, Update and ACK packets and build their Neighbor Table, Topology Table and Routing Table]
Diffusing Update Algorithm - DUAL

Neighbor Table of Router A

Neighbor   Interface
B          S0
C          S1

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8   B    1000   2000   S
             C    1500   2500   FS

Routing Table of Router A

Network      Next Hop   FD
10.0.0.0/8   B          2000

Feasibility Condition = Second best AD < FD of Successor

With B removed, the feasible successor C becomes the successor:

Neighbor Table of Router A

Neighbor   Interface
C          S1

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8   C    1500   2500   S

Routing Table of Router A

Network      Next Hop   FD
10.0.0.0/8   C          2500

Second case: C's AD (3000) is not less than the FD of the successor (2000), so C is not a feasible successor:

Neighbor Table of Router A

Neighbor   Interface
B          S0
C          S1

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8   B    1000   2000   S
             C    3000   4500   -

Routing Table of Router A

Network      Next Hop   FD
10.0.0.0/8   B          2000

Feasible Successor = Second best AD < FD of Successor

With B removed:

Neighbor Table of Router A

Neighbor   Interface
C          S1

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8   C    3000   4500   S

Routing Table of Router A

Network      Next Hop   FD
10.0.0.0/8   C          4500

DUAL

Neighbor Table of Router A

Neighbor   Interface
C          S1

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8

Routing Table of Router A

Network      Next Hop   FD
Configuring EIGRP

To enable EIGRP as the IP routing protocol.
Router(config)# router eigrp <AS No.>

Identify attached networks participating in EIGRP.
Router(config-router)# network network-id [wildcard-mask]

Defining the interface's bandwidth for the purposes of Metric calculation
Router(config-if)# bandwidth <kilobits>

EIGRP Queries

• When a router loses its best path and does not have an FS (second best path) in its topology table, it looks for an alternate path to the same destination; this is called the Active state for that route.
• If a router does not have an alternate route, it queries each of its own neighbors

Stuck In Active

• The most common reasons for SIA routes are as follows:
  - The router is too busy to answer the query
  - The link between the two routers is not good
  - A failure causes traffic on a link to flow in only one direction.

Preventing SIA

• Cisco IOS Software Release 12.1(5) and later, with the Active Process Enhancement feature.
• This feature enables an EIGRP router to monitor the progression of the search for a successor route and ensure that the neighbor is still reachable.
EIGRP Stub

• EIGRP stub is a special router which will not receive Query messages.
• A stub router informs all its neighbors of its status.
• EIGRP stub routing reduces CPU utilization on the router.
• EIGRP stub routing is mainly implemented in hub and spoke environments.

Summarization

• Auto summary
  - EIGRP does auto summary at major logical network boundary
• Manual summary
  - EIGRP supports manual summary on a per interface basis
  - Summary will be continued till the last specific route goes down
  - Summary metric will be the best metric from specific route
  - The router that originates the summary creates a summary route pointing to the null interface



Summarization with Null Interface

[Figure: networks 10.10.1.0/24, 10.10.2.0/24 and 10.10.3.0/24]

Routing table of D

Networks       Int
10.10.1.0/24   S0
10.10.2.0/24   S1
10.10.3.0/24   S2
10.10.0.0/22   null
0.0.0.0/0      S4
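Why the summary points to the null interface, as an added example (not part of the original slides): a longest-prefix-match lookup over router D's table shows that traffic for the part of 10.10.0.0/22 that has no specific route is discarded instead of following the default route out S4, where it could loop back if the upstream router holds the summary. The function names are hypothetical; the routes are the ones in the table above.

```python
import ipaddress

# Routing table of D as shown on the slide (interface names from the slide).
ROUTES_D = [
    ("10.10.1.0/24", "S0"),
    ("10.10.2.0/24", "S1"),
    ("10.10.3.0/24", "S2"),
    ("10.10.0.0/22", "null"),
    ("0.0.0.0/0", "S4"),
]


def summary_for(prefixes):
    """Smallest single prefix that covers every given subnet (manual summary)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address are host bits.
    prefixlen = 32 - (first ^ last).bit_length()
    host_bits = 32 - prefixlen
    base = (first >> host_bits) << host_bits
    return ipaddress.ip_network(f"{ipaddress.ip_address(base)}/{prefixlen}")


def uncovered(summary, specifics):
    """Parts of the summary for which the router has no specific route."""
    remaining = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, specifics):
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                nxt.extend(block.address_exclude(net))  # empty if net == block
            elif not block.subnet_of(net):
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)


def lookup(routes, destination):
    """Longest-prefix match: return (matching prefix, outgoing interface)."""
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), out) for p, out in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, out = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), out


if __name__ == "__main__":
    specifics = [p for p, out in ROUTES_D if p.endswith("/24")]
    print("summary:", summary_for(specifics))
    print("no specific route for:", uncovered("10.10.0.0/22", specifics))
    print("10.10.0.5 with null route:", lookup(ROUTES_D, "10.10.0.5"))
    without_null = [r for r in ROUTES_D if r[1] != "null"]
    print("10.10.0.5 without null route:", lookup(without_null, "10.10.0.5"))
```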
Configuring EIGRP Route Summarization

Turns off automatic summarization for the EIGRP process
Router(config-router)# no auto-summary

Creates a summary address that this interface will generate.
Router(config-if)# ip summary-address eigrp <as-number> <address> <subnet mask>

EIGRP Load Balancing

• Routes with lowest equal metric are installed in the routing table (equal-cost load balancing)
• There can be up to sixteen entries in the routing table for the same destination:
  - The number of entries is configurable
  - The default is four
• Variance is configured for unequal cost load balancing
  - Variance is the multiplier to FD of successor
  - Default is 1 (equal cost load balancing)

EIGRP Unequal-Cost Load Balancing

Allows the router to include routes with a metric smaller than the multiplier value times the metric of successor

Router(config-router)# variance <multiplier>



Variance Example

Variance = ?

Topology Table of Router A

Network      NH   AD     FD
10.0.0.0/8   B    1000   2000   S
             C    1500   2500   FS
             D    3500   4500

Neighbor Table of Router A

Neighbor   Interface
B          S0
C          S1
D          S2

Routing Table of Router A

Network      Next Hop   FD
10.0.0.0/8   B          2000
             C          2500
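The feasibility condition and the variance rule from the slides, worked through on the topology table above, as an added example that is not part of the original slides. The class and function names are hypothetical, and the upper bound of 128 for the multiplier is an assumption about the IOS `variance` range.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str
    ad: int  # advertised distance: the neighbor's distance to the destination
    fd: int  # feasible distance: link-local distance + AD


def classify(paths):
    """Return (successor, feasible_successors) for one destination."""
    ordered = sorted(paths, key=lambda p: (p.fd, p.next_hop))
    if not ordered:
        return None, []
    successor = ordered[0]
    # Feasibility condition from the slides: candidate AD < FD of the successor.
    feasible = [p for p in ordered[1:] if p.ad < successor.fd]
    return successor, feasible


def installed_routes(paths, variance=1, max_paths=4):
    """Next hops placed in the routing table for a given variance."""
    successor, feasible = classify(paths)
    if successor is None:
        return []
    chosen = [successor]
    for p in feasible:
        # Equal-cost paths are always eligible; unequal-cost paths need
        # FD < variance * FD(successor), as stated on the slide.
        if p.fd == successor.fd or p.fd < variance * successor.fd:
            chosen.append(p)
    return [p.next_hop for p in chosen[:max_paths]]


def minimum_variance(paths, wanted, limit=128):
    """Smallest integer variance that installs every next hop in `wanted`."""
    for v in range(1, limit + 1):
        if set(wanted) <= set(installed_routes(paths, v, max_paths=len(paths))):
            return v
    return None  # a path that fails the feasibility condition is never installed


def on_successor_loss(paths):
    """What happens when the current successor disappears (the two DUAL cases)."""
    successor, feasible = classify(paths)
    if feasible:
        # A feasible successor is promoted locally; the route stays Passive.
        return "passive", feasible[0].next_hop
    # No feasible successor: the route goes Active and neighbors are queried.
    # A remaining path can only be installed once the replies are in.
    rest, _ = classify([p for p in paths if p != successor])
    return "active", rest.next_hop if rest else None


# Topology table of Router A from the variance slide.
TABLE = [Path("B", 1000, 2000), Path("C", 1500, 2500), Path("D", 3500, 4500)]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, "->", installed_routes(TABLE, v))
    print("minimum variance for B and C:", minimum_variance(TABLE, {"B", "C"}))
    print("minimum variance for D:", minimum_variance(TABLE, {"D"}))
```

D's FD of 4500 would fit under a variance of 3, but its AD of 3500 is not below the successor's FD of 2000, so no variance value installs it.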
Router Authentication

• Gives greater security to the routing protocol by supporting authentication
• A router authenticates the source of each routing update packet that it receives.
• Prevents false routing updates from updating the routing table

[Figure: Inject false routing information]

Many routing protocols support authentication
Router authenticates the source of each routing update

Simple password authentication is supported by:
• IS-IS
• OSPF
• RIPv2

MD5 authentication is supported by:
• OSPF
• BGP
• EIGRP

[Figure: Authenticate routing update packets]

MD-5 Authentication

• MD-5 authentication uses key-chains to perform routing protocol authentication.
• Each key chain contains 1 or more keys.
• Each key is identified by a key number and key-string.
• Key number and key-string need to match on both the routers.

MD-5 Authentication Configuration

• Step 1: Create key Chain on the router
  Router(config)# key chain zoom
  Router(config-keychain)# key 1
  Router(config-keychain-key)# key-string ccnp
  Router(config-keychain-key)# exit
• Step 2: Apply Key Chain on the Interface that is connected to neighbor
  R1(config)# key chain zoom
  R1(config-keychain)# key 1
  R1(config-keychain-key)# key-string ccnp
  R1(config-keychain-key)# exit
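A configuration check for the two steps above, as an added example that is not part of the original slides: it parses IOS-style configuration text, verifies that an interface has both `ip authentication mode eigrp <AS> md5` and `ip authentication key-chain eigrp <AS> <chain>` (the interface commands that bind a key chain to EIGRP), and compares key numbers and key-strings between two routers. The two configurations, AS number 100, the interface names and the address are constructed sample data; the function names are hypothetical.

```python
import re

# Constructed sample configurations (not captured from real devices).
R1_CFG = """\
key chain zoom
 key 1
  key-string ccnp
!
interface Serial0/0
 ip address 65.0.0.1 255.0.0.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 zoom
"""

R2_CFG = """\
key chain zoom
 key 1
  key-string ccna
!
interface Serial0/0
 ip authentication mode eigrp 100 md5
!
interface Serial0/1
"""


def parse(config):
    """Return (key chains, per-interface EIGRP authentication settings)."""
    chains, ifaces = {}, {}
    chain = key = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes the open block
            chain = key = iface = None
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain = m.group(1)
            chains[chain] = {}
        elif chain and (m := re.fullmatch(r"key (\d+)", line)):
            key = int(m.group(1))
            chains[chain][key] = None
        elif chain and key is not None and (m := re.fullmatch(r"key-string (.+)", line)):
            chains[chain][key] = m.group(1)
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
            ifaces[iface] = {}
        elif iface and (m := re.fullmatch(r"ip authentication mode eigrp (\d+) md5", line)):
            ifaces[iface].setdefault(int(m.group(1)), {})["md5"] = True
        elif iface and (m := re.fullmatch(r"ip authentication key-chain eigrp (\d+) (\S+)", line)):
            ifaces[iface].setdefault(int(m.group(1)), {})["chain"] = m.group(2)
    return chains, ifaces


def audit_interface(config, asn, iface):
    """List what is missing for MD5-authenticated EIGRP on one interface."""
    chains, ifaces = parse(config)
    auth = ifaces.get(iface, {}).get(asn, {})
    findings = []
    if not auth.get("md5"):
        findings.append("MD5 mode not enabled")
    name = auth.get("chain")
    if name is None:
        findings.append("no key chain applied")
    elif name not in chains:
        findings.append(f"key chain '{name}' is not defined")
    elif not any(chains[name].values()):
        findings.append(f"key chain '{name}' has no key-string")
    return findings


def key_mismatches(cfg_a, cfg_b, chain):
    """Key numbers whose key-string is missing or differs between two routers."""
    a = parse(cfg_a)[0].get(chain, {})
    b = parse(cfg_b)[0].get(chain, {})
    return sorted(k for k in set(a) | set(b)
                  if a.get(k) is None or a.get(k) != b.get(k))


if __name__ == "__main__":
    print("R1 Serial0/0:", audit_interface(R1_CFG, 100, "Serial0/0"))
    print("R2 Serial0/0:", audit_interface(R2_CFG, 100, "Serial0/0"))
    print("mismatched keys in chain zoom:", key_mismatches(R1_CFG, R2_CFG, "zoom"))
```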
OSPF Features

• Open standard (IETF)
• SPF or Dijkstra algorithm
• Link-state routing protocol
• Classless
• Supports FLSM, VLSM, CIDR and Manual summary
• Incremental / triggered updates
• Updates are sent as multicast (224.0.0.5 and 224.0.0.6)
• Metric = Cost (cost = 10^8 / bandwidth in bps)
• Administrative distance = 110
• Load balancing via 4 equal cost paths by default (unequal cost load balancing not supported)

Link-state Routing Protocol

• Auto Neighbor discovery
• Hierarchical network design
• Sends periodic updates, known as link-state refresh, every 30 minutes
• Maintains similar database on all the routers within an area
• Router ID is used to identify each router

Router ID

• Highest IP address on Active Physical Interface
• Highest IP address on Logical Interface (if configured)
• Highest preference is for Router ID command

Configuring Router ID

Router(config-router)# router-id <ip address>

Link-State Data Structure: Network Hierarchy

• Link-state routing has a hierarchical network
• This two-level hierarchy consists of the following:
  - Transit area (backbone or area 0)
  - Regular areas (nonbackbone areas)

OSPF Multi Area

Types of Routers in OSPF

• Backbone router - The router which belongs to the backbone area is called a Backbone router
• Internal Router - The router which belongs to a regular area is called an Internal Router
• ABR - The router which shares two different areas is called an Area Border Router
• ASBR - The router which is connected to a different protocol is called an Autonomous system boundary router.



Link-State Data Structures

• Neighbor Table
  - Also known as the adjacency database
  - Contains list of recognized neighbors
• Database Table
  - Typically referred to as LSDB
  - Contains information about all routers and their attached links in the area or networks
• Routing Table
  - Commonly named as forwarding database
  - Contains list of best paths to each destination

OSPF Database

Neighbor Table of Router A

Neighbor   Interface
B          S0
C          S1

Link State Database of Router A

Router   Links
A        5
B        5
C        5
D        5

Routing Table of Router A

Network      Next Hop   Cost
20.0.0.0/8   B          11
30.0.0.0/8   C          16
40.0.0.0/8   C

OSPF Metric calculation

• OSPF metric is not defined in standards
• Every vendor uses a different formula to calculate metric
• OSPF Metric in Cisco = Cost = 10^8 / Bandwidth in bps
• Ex:

Link               Bandwidth   Cost
Serial link        64 Kbps     cost = 1562
                   1544 Kbps   cost = 64
                   2000 Kbps   cost = 48
Ethernet           10 Mbps     cost = 10
FastEthernet       100 Mbps    cost = 1
Gigabit Ethernet   1000 Mbps   cost = 1

OSPF Cost calculation

• How much does it cost to reach 40.0.0.0/8 from Router A

[Figure: topology including network 30.0.0.0/8]
OSPF Packet Header Format

Protocol ID No. 89 = OSPF

OSPF Packet header fields:
• Version Number
• Type
• Packet Length
• Router ID
• Area ID
• Checksum
• Authentication Type
• Authentication Data
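A parser for the header fields listed above, as an added example that is not part of the original slides: it decodes the 24-byte OSPFv2 header and reports when the Authentication Type field shows no authentication or a cleartext password. Field widths, packet type numbers and authentication type values follow OSPFv2 (RFC 2328) rather than the slide; the sample packets are constructed, their checksum is left at 0 and is not verified, and the function names are hypothetical.

```python
import ipaddress
import struct

# Version, Type, Packet Length, Router ID, Area ID, Checksum, AuType, Auth data
HEADER = struct.Struct("!BBH4s4sHH8s")  # 24 bytes
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def parse_ospf_header(data):
    """Decode an OSPFv2 header and list authentication weaknesses it reveals."""
    if len(data) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, area, checksum, autype, auth = HEADER.unpack_from(data)
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    # With cryptographic authentication the digest follows the packet and is
    # not counted in Packet Length, so length may be smaller than len(data).
    if not HEADER.size <= length <= len(data):
        raise ValueError("packet length field does not fit the data")
    header = {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": str(ipaddress.ip_address(rid)),
        "area_id": str(ipaddress.ip_address(area)),
        "checksum": checksum,
        "auth_type": AUTH_TYPES.get(autype, f"unknown ({autype})"),
    }
    findings = []
    if autype == 0:
        findings.append("no authentication")
    elif autype == 1:
        # The 8-byte field carries the password itself, readable on the wire.
        header["password"] = auth.rstrip(b"\0").decode("ascii", "replace")
        findings.append("password sent in cleartext")
    elif autype == 2:
        # Reserved (2 bytes), key ID, digest length, sequence number.
        _, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        header.update(key_id=key_id, auth_data_len=auth_len, sequence=seq)
    else:
        findings.append("unknown authentication type")
    header["findings"] = findings
    return header


def build_header(ptype, router_id, area_id, autype, auth):
    """Build a constructed header-only sample (checksum left at 0)."""
    return HEADER.pack(2, ptype, HEADER.size,
                       ipaddress.ip_address(router_id).packed,
                       ipaddress.ip_address(area_id).packed,
                       0, autype, auth)


# Constructed samples: a Hello with a simple password and one with key ID 1.
SAMPLE_SIMPLE = build_header(1, "172.16.5.1", "0.0.0.0", 1, b"ccnp")
SAMPLE_MD5 = build_header(1, "172.16.5.1", "0.0.0.0", 2,
                          struct.pack("!HBBI", 0, 1, 16, 1000))

if __name__ == "__main__":
    for sample in (SAMPLE_SIMPLE, SAMPLE_MD5):
        print(parse_ospf_header(sample))
```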



OSPF Neighbor relationship

HELLO
• Router ID
• Hello and Dead Intervals *
• Neighbors
• Area ID *
• Router Priority
• DR/BDR IP Address
• Authentication Password *
• Stub Area Flag *

* Entry must match on neighboring routers

Establishing bidirectional Communication

Down State
  Hello, sent to 224.0.0.5

Init State
  Router B Neighbors List: 172.16.5.1/24, Int E1
  Hello
  Router A Neighbors List: 172.16.5.2/24, Int E0

[Figure: routers 172.16.5.1 (E0) and 172.16.5.3]

Exstart State
  DBD: I will start exchange because I have router ID 172.16.5.1
  DBD: No, I will start exchange because I have a higher router ID.

Exchange State
  DBD: Here is a summary of my LSDB.
  DBD: Here is a summary of my LSDB.
  LSAck: Thanks for the information!
  LSAck: Thanks for the information!

Loading State
  LSR: I need the complete entry for network 172.16.6.0/24.
  Here is the entry for network 172.16.6.0/24
  LSAck: Thanks for the information!
Link State Updates

LS Data Structures: LSA Operation

[Figure: LSA operation flowchart (LS Update Packet, Ignore LSA)]

• Broadcast Multiaccess
• Point-to-Point
• NBMA

Adjacency Behavior for a Point-to-Point Link

• A point-to-point link is a single pair of routers.
• Serial line configured with PPP or HDLC protocol.
• No DR or BDR election is required
• OSPF detects this type of link automatically.

Broadcast Multi Access

• Topologies like Ethernet and Token Ring are BMA.
• DR and BDR Election is required.
• OSPF detects this type of link automatically

[Figure: neighbor lists of the routers on a broadcast multi-access segment]

Designated Router and Backup Designated Router

• The router with the highest priority is DR
• The router with second-highest priority is BDR
• The default priority value is 1
• In the case of a tie, the router with the highest router ID becomes the DR, the second highest router ID becomes the BDR
• If router priority is 0 it cannot become the DR or BDR
• A router which is not a DR or BDR is called a DROTHER
• DR and BDR election is not preemptive
• We can manually set the priority to force a router to become the DR.
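The election rules above as an added example (not part of the original slides): a simplified model that ranks routers by priority and then router ID, skips priority 0, and keeps a working DR/BDR in place when a better router joins. Promoting the BDR when the DR fails is standard OSPF behaviour that the slide does not state; the router IDs, priorities and function name are constructed for illustration.

```python
import ipaddress


def elect(routers, current_dr=None, current_bdr=None):
    """Return (DR, BDR) for a segment.

    routers: {router_id: priority} of the routers currently up.
    current_dr / current_bdr: roles held before this election, if any.
    """
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}

    def rank(rid):
        # Highest priority wins; the highest router ID breaks a tie.
        return eligible[rid], int(ipaddress.ip_address(rid))

    # Not preemptive: a DR or BDR that is still up keeps its role.
    dr = current_dr if current_dr in eligible else None
    bdr = current_bdr if current_bdr in eligible and current_bdr != dr else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None  # the BDR takes over from a failed DR

    candidates = sorted((rid for rid in eligible if rid not in (dr, bdr)),
                        key=rank, reverse=True)
    if dr is None and candidates:
        dr = candidates.pop(0)
    if bdr is None and candidates:
        bdr = candidates.pop(0)
    return dr, bdr


def role(rid, dr, bdr):
    """Role of one router once the election is settled."""
    return "DR" if rid == dr else "BDR" if rid == bdr else "DROTHER"


# Constructed segment: 3.3.3.3 has priority 0 and can never be elected.
SEGMENT = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 0, "4.4.4.4": 5}

if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("initial election:", dr, bdr)
    joined = dict(SEGMENT, **{"5.5.5.5": 10})
    print("after 5.5.5.5 (priority 10) joins:", elect(joined, dr, bdr))
    failed = {rid: p for rid, p in joined.items() if rid != dr}
    print("after the DR fails:", elect(failed, dr, bdr))
```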



DR/BDR Elections

Neighbors
DR/BDR    -> DROTHER   : Full
DROTHER   -> DR/BDR    : Full
DROTHER   -> DROTHER   : 2 Way

Updates
DROTHER   -> DR/BDR    : 224.0.0.6
DR        -> DROTHER   : 224.0.0.5

[Figure: neighbor states on the segment: B, E FULL; A, C 2WAY; A, B, C, D FULL]

NBMA

• Links like Frame relay, ATM and X.25.
• OSPF considers NBMA as other broadcast media.
• NBMA is not always full-mesh
• DR BDR election depends on type of connection.

NBMA Types

OSPF Mode                          Adjacency    Configured   Hello Timer   RFC or Cisco
Broadcast                          DR/BDR       Automatic    10 sec        Cisco
Nonbroadcast (NBMA)                DR/BDR       Manual       30 sec        RFC
Point-to-Multipoint                No DR/BDR    Automatic    30 sec        RFC
Point-to-Multipoint Nonbroadcast   No DR/BDR    Manual       30 sec        Cisco
Point-to-Point                     No DR/BDR    Automatic    10 sec        Cisco
Why Multiarea OSPF?

• Single-area OSPF is useful in smaller networks. If an area becomes too big, the following issues must be addressed:
  - Large routing table
  - Large link-state database (LSDB)
  - Frequent SPF algorithm calculations

Multi Area OSPF

Multiarea OSPF requires a hierarchical network design. The main area is called the backbone area, or area 0, and all other areas must connect to the backbone area.

[Figure: Area 10 and Area 30; routers report "Receiving too many LSAs!" and "I'm running out of memory because my routing table is too big!"]

Type of OSPF Routers

[Figure: OSPF router types, with a connection to Other AS]

Benefits Of Route Summarization

• Minimizes number of routing table entries
• Localizes the impact of a topology change
• Reduces LSA 3 and 5 flooding and saves CPU resources

Before Route Summarization

After Route Summarization
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Types Of LSA 
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LS Types 

Name 

1 

Router LSAs 

2 

Network LSAs 

3 

Summary LSAs 

4 

ASBR Summary 

5 

Autonomous System External LSAs 

6 

Multicast OSPF LSA 

7 

Defined for not-so-stubby areas 



LSA Type 1: Router LSA 
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• One Router LSA (type 1) for every router in an area 

• Includes list of directly attached links 

• Each link identified by IP prefix and link type 

• Identified by the router ID of the originating router 

• Floods within its area only; does not cross the ABR 
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LSA Type 1: Router LSA 
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LSA Type 2: Network LSA 
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* One Network (type 2) LSA for each transit broadcast or NBMA network in an area 

• Includes Network ID, subnet mask and list of attached routers on that transit link 

* Advertised by the DR of the transit network 

* Floods within its area only; does not cross ABR 
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LSA Type 2: Network LSA 
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LSA Type 3: Summary LSA 
• Type 3 LSAs are used to flood network information to areas outside the originating area (inter-area)

• Contains network ID and subnet mask

• Advertised by the ABR of originating area

• Regenerated by subsequent ABRs to flood throughout the autonomous system.

• By default, routes are not summarized and there is one type 3 LSA for every subnet
LSA Type 3: Summary LSA
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LSA Type 4: ASBR Summary LSA 
• ASBR Summary (type 4) LSAs are used to advertise the Router ID of the ASBR to all routers in other areas present in the autonomous system


• They are generated by the ABR of the originating area 

• They are regenerated by all subsequent ABRs to flood throughout the autonomous 
system 

• Type 4 LSAs contain only the router ID of the ASBR 
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LSA Type 4: Summary LSA 


Other AS 
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LSA Type 5: External LSA 
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• External (type 5) LSAs are used to advertise networks learned from other autonomous 
systems 

• Type 5 LSAs are advertised and owned by the originating ASBR 

• Type 5 LSAs flood throughout the autonomous system 

• The advertising router ID (ASBR) is unchanged throughout the autonomous system 

• Type 4 LSA is needed to identify ASBR 

• By default, routes are not summarized by ASBR 











LSA Type 5: External LSA
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Other AS 

10.0.0.0/8 





Types of Routes 
Router Designator   Description
O                   LSA 1: Networks from within the area of the router
O IA                OSPF interarea (summary LSA): Networks from outside the area of the router, but within the OSPF autonomous system
O E1                E1 external routes: Networks outside of the autonomous system of the router
O E2                E2 external routes
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Cost for External Updates 
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Default Routes in OSPF 
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• OSPF can send Default Route in update 

• A default route is sent as an external LSA type (O*E2)

• Static Default Route needs to be defined in Originating router 


Router(config)# ip route 0.0.0.0 0.0.0.0 <Exit Int/next-hop-IP>
Router(config-router)# default-information originate 
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Default Routes in OSPF 
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Defining Virtual Links 


• Virtual links are used to connect a discontiguous area to area 0 

• A logical connection is built between routers 

• Virtual links are recommended for backup or temporary connections 
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Virtual Links 
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Configuring Virtual Links 
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Configuring Virtual Link 

Router(config-router)# area <area-id> virtual-link <router-id>
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Stub and Totally Stubby Area Rules 


• There should not be an ASBR in the area 

• The area should not be Area 0 

• No virtual links must pass through the area 

• There should be a single ABR (recommended) 
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Using Stub Areas 
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• External LSAs are stopped 

• Default route is advertised into stub area by the ABR 

• All routers in stub area must be configured as stub 
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Stub Area 
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Stub Area Configuration 
Configuring Stub command on all routers in the area
Router(config-router)# area <area-id> stub 








Using Totally Stubby Areas 


• External LSAs are stopped 

• Summary LSAs are stopped 

• Routing table is reduced to a minimum 

• All routers in stub area must be configured as stub 

• ABR of stub area must be configured as totally stubby 

• This is a Cisco proprietary feature 
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Totally Stubby Area 
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Totally Stubby Configuration 
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Configuring all routers of Totally Stubby Area 
Router(config-router)# area <area-id> stub 


Configuring Area Border Router of Totally Stubby Area 
Router(config-router)# area <area-id> stub no-summary 



Not-So-Stubby Areas 
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• NSSA breaks stub area rules 

• ASBR is allowed in NSSA 

• Special LSA type 7 defined, sent by ASBR 

• ABR converts LSA type 7 to LSA type 5 

• ABR does not send default route into NSSA by default 

• NSSA is an RFC addendum 
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NSSA Area 
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NSSA Area Configuration 
Configuring NSSA command on all routers in the area
Router(config-router)# area <area-id> nssa 
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Totally Not-So-Stubby Areas 


• Totally NSSA does not accept summary and external LSAs

• By default, Default Route is advertised by ABR of Totally NSSA
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Totally NSSA Area 
[Figure: Totally NSSA example with Area 10, Area 0, Area 300 and another AS. Labels: LSA7 (Router ID A), LSA3 (Router ID D), LSA1 (Router ID E), LSA5 (Router ID F), ABR, ASBR]
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Totally NSSA Area Configuration 
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Configuring NSSA command on all routers in the area 
Router(config-router)# area <area-id> nssa 


Configuring NSSA command on ABR router in the area 
Router(config-router)# area <area-id> nssa no-summary 



OSPF Authentication 
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OSPF supports two types of routing protocol authentication methods 
1) Clear Text or Plain Text 


2) MD-5 Authentication 




Inject false routing information 



Routers will accept the routing information from other routers that have been configured with the same 
password or authentication information. 
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OSPF Authentication 
1) Clear Text or Plain Text
Router(config-if)# ip ospf authentication
Router(config-if)# ip ospf authentication-key ccnp

2) MD-5 Authentication

Router(config-if)# ip ospf authentication message-digest
Router(config-if)# ip ospf message-digest-key <key-id> md5 ccnp
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Reasons for using Multiple Routing protocols 


• Application-specific protocols 

• Mismatch between devices (Vendors) 

• Political boundaries 
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Redistribution 
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• This process of exchanging routing information between routing protocols is called 
Route Redistribution 
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Seed Metric 
Protocols        Metric
RIP              Infinite
OSPF             20
IGRP and EIGRP   Infinite
IS-IS            0
BGP              From IGP
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Redistributing into RIP 
[Figure: routing updates from another protocol redistributed into RIP]



Configuring Redistribution into RIP 

BR(config)# router rip
BR(config-router)# redistribute <protocol> metric <value>
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Redistributing into OSPF 
[Figure: routing updates from another protocol redistributed into OSPF 5 with cost 100 and subnets; the resulting route is shown as O E2 10.12.0.0 [100]]



Configuring Redistribution into OSPF 
BR(config)# router ospf 5 
BR(config-router)# redistribute <protocol> [metric <value>] [metric-type 1|2]



Redistributing into EIGRP 

[Figure: routing updates from another protocol redistributed into EIGRP 10 with BW 2 Mbps, delay 2000 µs, reliability 100%, load 50%, MTU 1500. The routing table lists D routes 192.168.0.0, 192.168.1.0 and 192.168.2.0 and D EX routes 10.10.0.0, 10.11.0.0 and 10.12.0.0]


Configuring Redistribution into EIGRP 
BR(config)# router eigrp 10 
BR(config-router)# redistribute <protocol> metric <BW in Kbps> <delay in µs> <reliability> <load> <MTU>
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Passive Interface 


Passive Interface is the interface which will not send hello packets on the interface 
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Passive Interface Command 
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Configuring Passive Interface in routing protocol 
Router(config-router)# passive-interface <type> <No.> 
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Passive Interface 
10.10.1.0/24

C(config)# router rip
C(config-router)# passive-interface default
C(config-router)# no passive-interface s 3



Distribute Lists 




• Distribute List is a method of filtering routing updates. 

• Filtering can be inbound or outbound. 

• Distribute List will be applied in router mode. 
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Distribute List 



[Figure: networks 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24; Router B should not send any update except 192.168.2.0/24]




Configuring Distribute-list on Router B 
Router(config)# router eigrp 100
Router(config-router)# distribute-list <ACL-No.> <in / out> <int type> <No.>



Distribute List 
[Figure: routing updates from another protocol, including 10.11.0.0/24, redistributed into OSPF 5]

Routing Table
O     192.168.0.0 [128]
O     192.168.1.0 [64]
O     192.168.2.0 [128]
O E2  10.10.0.0 [100]
O E2  10.11.0.0 [100]
O E2  10.12.0.0 [100]







Configuring Distribute-list on Router B 
Router(config)# router ospf 5
Router(config-router)# distribute-list <ACL-No.> out <protocol>
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ROUTE Maps 


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• Route maps work like a scripting language 

• It works like a sophisticated access-list 

• Top down processing 

• Once a match is found, the remaining statements are no longer processed

• Route maps are configured with sequence numbers for easy editing, i.e. for adding, removing and inserting new statements.

• Route maps are identified by names 

• Route maps will follow "IF THEN ELSE" criteria 









ROUTE MAPS - Usage 


• Route maps are used for 

• policy based routing 

• BGP policy 

• Redistribution 

• NAT 

• QoS 
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Configuration Of Route MAP 
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Configure Route Map 

Router(config)# Route-map <name> permit/deny <Sequence No.> 

Defining the condition to Match 
Router(config-route-map)#match < condition > 

Defining the condition to Set 
Router(config-route-map)#set < condition > 
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POLICY BASED Routing 
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* It is used for implementing a policy that causes the packet to take a different direction 


* Routing table is destination based 

* PBR allows source based routing 
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POLICY BASED Routing 


• ADVANTAGES 

• Different users can use different paths to reach the destination 

• Load sharing 
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POLICY BASED Routing 


Features 
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• Implemented in the incoming direction of the source interface 

• If a match is found in the route map and it is permitted, the packet will be sent according to the policy

• If a match is found in the route map and it's not permitted, then it will be forwarded according to the normal routing table.

• If there is no match in the route map, the packet will be forwarded according to the routing table
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Before POLICY BASED ROUTING 
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192.168.2.0/24 



POLICY BASED Routing 
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192.168.2.0/24 
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Defining Policies For PBR 
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Configure Route Map 

Router(config)# Route-map <name> permit/deny <Sequence No.> 


Defining the condition to Match 

Router(config-route-map)#match ip address <ACL-No.> 

Or 

Router(config-route-map)#match interface <type> <No.> 



Defining the condition to Set 

Router(config-route-map)#set ip next-hop <next-hop IP> 

Or 

Router(config-route-map)#set interface <type> <No.> 




Implementing PBR 
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Implementation Of PBR 

Router(config-if)# ip policy route-map <name> 
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Autonomous System 
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With in AS IGP works ex. 


AS 



Autonomous System is a set of routers under a single technical administration, using 
an interior gateway protocol and common metrics to route packets within the AS 
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The IANA is responsible for allocating AS numbers through five Regional Internet Registries (RIRs). 




Connection Redundancy 
Connecting to One ISP     Connecting to Two or more ISPs
Single-homed              Multihomed
Dual-homed                Dual-multihomed
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When to use BGP 


• BGP is more appropriate if one of the following conditions exist 

• A.S. is working as transit A.S. (Ex. ISP)

• A.S. is connected to multiple A.Ss

• The traffic path for data entering or leaving the A.S. needs to be manipulated
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When not to use BGP 
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• BGP is not recommended if one or more following conditions exist 

• If it is a Single-homed A.S 

• Lack of resources like memory and processing power in routers 

• Low bandwidth link between A.Ss 

• Limited understanding about BGP route filtering and path selection processes 
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BGP Features 


• Open Standard 

• Advanced distance vector protocol 

• Path vector protocol 

• Classless. 

• Support FLSM, VLSM, CIDR, auto and manual summary (BGP-4) 

• It is an Exterior Gateway protocol 

• Designed to scale up for a huge inter-network like the Internet. 

• Updates are incremental and triggered. 
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BGP Features (continued) 


It sends updates to manually defined neighbors as unicast 
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• BGP is an application layer protocol, uses TCP for reliability, TCP port 179 

• Metric = Attributes 

• Administrative distance 

• 20 External updates 

• 200 Internal updates 

• BGP is not designed for load balancing. Uses only one path per network 
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Path Vector 
[Figure: Path Vector. ASes shown: AS 2007 (11.0.0.0/8, 12.0.0.0/8), AS 200, AS 799 and AS 2019. AS paths shown on the updates: "200, 2007", "799, 2007" and "2019, 799, 2007"]
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Path Vector 
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• IGPs announce networks and cost to reach those networks. 

• BGP announces pathways and the networks that are reachable at the end of the pathway. BGP 
uses Attribute as Metric. 

• AS Path is one of the attributes of BGP. The path with fewer AS hops is the best path.



BGP Databases 
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• Neighbor table 

• List of BGP neighbours 


• BGP forwarding table/database 

• List of all networks learned from each neighbor. 

• Can contain multiple pathways to destination networks 

• Database contains BGP attributes for each pathway 

• IP routing table 

• List of best paths to destination networks 
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BGP Neighbors 
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• BGP neighbors are routers forming a TCP connection for exchanging BGP updates. Also called as 
BGP Peers or BGP Speakers. 

• Two type of BGP neighbor relationship. 

• IBGP ( Internal BGP) 

• EBGP (External BGP) 
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AS 5252 


IBGP: Router Forming neighbor relationship within A.S. 

IBGP neighbors don't need to be directly connected

EBGP: Router Forming neighbor relationship between two different A.S. 
EBGP neighbors need to be directly connected - though there may be 
exceptions to this 


BGP Neighbors 
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BGP Configuration 
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Configuring BGP Routing Protocol 
Router(config)# router bgp <AS no.> 


Configuring BGP Routing Protocol 

Router(config-router)# network <network ID> [mask <subnet mask>]


• Only one instance of BGP per Router 

• Same network prefix must exist in routing table 

• Network may not be directly connected 

• Network without subnet mask will take classful mask 
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BGP Configuration 
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Configuring BGP Routing Protocol 

Router(config-router)# neighbor <IP-Address> remote-as <AS No.>

• Router should have a route in the normal routing table to reach neighbor 

• Same command for IBGP and EBGP neighbor; only the AS number will be different for an EBGP neighbor.



BGP Routing Issue 
[Figure: BGP Routing Issue. AS 5252 (11.0.0.0/8), OSPF AS 110 and AS 2121, with EBGP between them. Two routing tables show "B 11.0.0.0/8 via S0"; a third routing table is marked "11.0.0.0/8 route ?"]



Solution : 

• Redistribute BGP into IGP (Not recommended) 

• Run BGP on All transit routers (routers coming in path from one A.S to other) 




Split Horizon in BGP 


[Figure: Split Horizon in BGP. Labels: EBGP route 11.0.0.0/8, AS 5252 (11.0.0.0/8), OSPF AS 110, IBGP route 11.0.0.0/8, AS 2121]



Split Horizon : 

• Updates coming from IBGP neighbor cannot be forwarded to other IBGP neighbors 
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Full Mesh IBGP Neighbor 
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Solution: 


• Configure full mesh IBGP neighbor relationship OR 



BGP - Star Topology 
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EBGP Route 

11.0.0.0/8 

11.0.0.0/8 
AS 5252 

Problems : 

• In Star topology same routing 

• This creates repetition of same updates 
BGP in full mesh creates (n × (n − 1))/2 IBGP neighbor relationships


AS 2121 


router need to passthrough hub router 


OSPF 
AS 110 
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Route Reflector 
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ibgp Route R R Server 




Route Reflector 
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• A Route Reflector is one method of disabling Split Horizon in BGP. 

• By using Route Reflector, routers are divided into two roles 

1) Route Reflector Server 

2) Route Reflector Client 

• Route Reflector client will update server, then server will update remaining clients. 
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BGP Synchronization 
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EBGP Route 

11.0.0.0/8 

11.0.0.0/8 
AS 5252 
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OSPF 

AS 110 




AS 2121 


BGP Synchronization Rule : 

• If updates are received from IBGP neighbor, it cannot be used in routing table nor sent to other 
EBGP neighbor till same update comes from Interior Gateway Protocol. 



BGP States 
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Loopback interface should be used for forming neighbor relationship. 
BGP messages 

Destination IP = Neighbor IP 

Source IP = Primary IP of Outgoing Interface 


BGP checks the source IP against its neighbor command; if there is no match, the message will be discarded.
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BGP Neighbor 
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In router B 
Interface loopback 12 
IP add 10.10.0.1/24 
Router BGP 110 
neighbor 10.20.0.1 


In router C 
Interface loopback 1 
IP add 10.20.0.1/24 
Router BGP 110 
neighbor 10.10.0.1 


On Router B 

B(config)#router BGP 110 

B(config-router)#neighbor 10.20.0.1 remote-as 110 
B(config-router)#neighbor 10.20.0.1 update-source loopback 12 
B(config)#int loopback 12 
B(config-if)#ip add 10.10.0.1 255.255.255.0 


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EBGP Neighbor 
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On Router A 

A(config)#router BGP 278 

A(config-router)#neighbor 10.20.0.1 remote-as 523 
A(config-router)#neighbor 10.20.0.1 update-source loopback 12 
A(config-router)#neighbor 10.20.0.1 ebgp-multihop 2 


A(config)#int loopback 12 
A(config-if)#ip add 10.10.0.1 255.255.255.0



A(config)#ip route 10.20.0.0 255.255.255.0 s 0
A(config)#ip route 10.20.0.0 255.255.255.0 s 1 
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11.0.0.0/8 


BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol.


Next Hop in BGP 
Next hop ≠ next router.



Next Hop in BGP 


11.0.0.0/8 

AS 5252 
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AS 2121 


If Router C doesn't know how to reach 1.1 it cannot reach 11.0.0.0 
network. 


B(config-router)#neighbor 192.168.2.2 next-hop-self 
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BGP Troubleshooting 
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• Clearing BGP neighbor relationship 

• On modification or implementation of new policy, BGP takes time to show results. For 
instant implementation of policies, resetting BGP peers is required. 

• R#clear ip bgp * | <neighbor IP>

• BGP resets connection and starts from Idle State. 

• R#clear ip bgp * | <neighbor IP> soft out | in

• Clears only BGP updates, TCP connection will not be reset. 

• If BGP State is Idle or Active for long time. 

• Check for neighbor command in both routers. 

• Check whether a route exists in routing table to reach neighbor. 



BGP Summarization 
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• BGP Supports auto and manual summary. 

* Manual summary can be done at any point in network. 

• Summary can carry network belonging to multiple A.S. 


R(config-Router)#aggregate-address <network> <mask> [summary-only] 
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BGP Authentication 
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• BGP supports MD-5 authentication. 

• Configure a "key" (password); router generates a message digest, or hash, of the key 
and the message. 

• Message digest is sent; key is not sent. 


Router(config-router)# neighbor <neighbor IP address> password <string> 
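
The keyed-digest idea in the bullets above is the same one behind the OSPF MD-5 Authentication slides earlier, so it is shown here on an OSPF packet as an added example (not from the original course material); the BGP neighbor password applies keyed MD5 to TCP segments instead. The packet layout follows RFC 2328 Appendix D; the Hello values, router ID, function names and the zero-padding of the key to 16 bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

# version, type, length, router ID, area ID, checksum, AuType, 64-bit auth field
HEADER = "!BBH4s4sHH8s"
HEADER_LEN = struct.calcsize(HEADER)  # 24 bytes


def hello_body():
    """Constructed Hello body: mask, hello interval, options, priority, dead interval, DR, BDR."""
    return struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02, 1, 40,
                       socket.inet_aton("192.168.1.1"), socket.inet_aton("0.0.0.0"))


def _header(autype, auth, body_len, router_id="1.1.1.1", area="0.0.0.0"):
    # The checksum is left at 0: it is not computed for AuType 2, and it is
    # omitted for AuType 1 here to keep the example short.
    return struct.pack(HEADER, 2, 1, HEADER_LEN + body_len, socket.inet_aton(router_id),
                       socket.inet_aton(area), 0, autype, auth)


def pad_key(key):
    """Assumption: keys shorter than 16 bytes are zero-padded."""
    return key.ljust(16, b"\0")[:16]


def build_simple(body, password):
    """AuType 1: the password itself fills the 64-bit authentication field."""
    return _header(1, password[:8], len(body)) + body


def build_md5(body, key, key_id, seq):
    """AuType 2: header carries key ID, digest length and sequence number; digest is appended."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = _header(2, auth, len(body)) + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_md5(packet, keys, last_seq):
    """Receiver-side check; keys maps key ID to the configured secret."""
    if len(packet) < HEADER_LEN:
        return "truncated"
    _, _, length, _, _, _, autype, auth = struct.unpack(HEADER, packet[:HEADER_LEN])
    if autype != 2:
        return "not message-digest authentication"
    _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
    if key_id not in keys:
        return "unknown key id"
    if digest_len != 16 or len(packet) != length + 16:
        return "bad length"
    if seq < last_seq:
        return "replayed sequence number"
    expected = hashlib.md5(packet[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return "digest mismatch"
    return "ok"


if __name__ == "__main__":
    body = hello_body()
    simple = build_simple(body, b"ccnp")
    signed = build_md5(body, b"ccnp", key_id=1, seq=1000)
    print("key visible in clear-text packet:", b"ccnp" in simple)
    print("key visible in MD5 packet:      ", b"ccnp" in signed)
    print("receiver with same key:         ", verify_md5(signed, {1: b"ccnp"}, 1000))
    print("receiver with different key:    ", verify_md5(signed, {1: b"other"}, 1000))
```

With clear-text authentication the configured key is readable by anyone who can capture a packet on the link, while the digest form also lets the receiver reject modified or replayed packets.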



BGP Metric 


• BGP metrics are called Attributes or Rich Metrics. 
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• BGP attribute types: 

• Well Known 

• Recognized by all the vendors. 

• Optional 

• May not be recognized by every vendor 

• Mandatory 

• Must be present in all updates. 

• Discretionary 

• May be present or not in updates

• Transitive 

• Must be sent to other neighbors. 

• Non transitive 

• Only for that router. Should not be passed to neighbors. 

• Partial 

• Proprietary 
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BGP Attributes 


• Some BGP Attributes : 

• AS Path 
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• Next hop 

• Origin 

• Local preference 

• Multi Exit Discriminator 

• Weight 
• AS Path : List of AS through which updates have traversed.

• Path with shortest AS path list is more desirable.

• AS Path is a well known, mandatory and transitive attribute.


AS path : 2007 AS path : 200, 2007 

11.0.0.0/8 11.0.0.0/8 
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Next Hop 


BGP is AS by AS routing Protocol 


• Next hop ≠ next router

• Next hop = IP to reach next AS

• Next hop is a well known, mandatory and transitive attribute.
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Origin informs all ASs in Internetwork how network got introduced into BGP. 


• IGP(i) 

• network command 

• EGP(e) 

• Redistributed from EGP 

• Incomplete (?) 

• Redistributed from IGP or static 

• The origin attribute is well-known, mandatory, and transitive. 

• "i" is better than "e" and "e" is better than "?"
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Local Preference 


• Local preference defines how data traffic should exit from an AS. 

• Default value is 100 

• Path with highest preference value is more desirable. 

• It is advertised only to IBGP neighbor within an AS. 

• Local preference is Well known, discretionary and transitive only to IBGP neighbor. 
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Local Preference 



[Figure: Local Preference. Labels: AS 21117, LP 100, B 11.0.0.0/8, AS 1220, AS 125, AS 179 (11.0.0.0/8)]
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Local Preference 
[Figure: Local Preference. Labels: AS 21117, LP 100, LP 250, AS 1220, AS 125, AS 179 (11.0.0.0/8)]
• MED defines how the data traffic should enter an AS.

• Default value is 0.

• Path with less MED is more desirable.

• MED is advertised to EBGP neighbors only.

• MED is optional and non transitive
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MED 
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AS 1220 



AS 179 

11.0.0.0/8 
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• Weight is Cisco's attribute. 

• Path with the highest weight is more desirable. 

• Default weight is 32768 for local network and 0 for other. 

• Weight is configured locally to each router, it is not advertised to any neighbor. 

• Weight is partial attribute. 
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BGP Path Selection Processes 


BGP considers only (synchronized) routes with no AS loops and a valid next hop
for the path selection process:

• Prefer highest weight (local to router) 

• Prefer highest local preference (global within AS) 

• Prefer route originated by the local router (next hop = 0.0.0.0) 

• Prefer shortest AS path 

• Prefer lowest origin code (IGP < EGP < incomplete) 

• Prefer lowest MED (from other AS) 

• Prefer a path from EBGP neighbor over IBGP neighbor 

• Prefer the path through the closest IGP neighbor 

• Prefer oldest route for EBGP neighbor 

• Prefer the path with the lowest neighbor BGP router ID 
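
The decision list above, walked step by step over candidate paths, as an added example (not from the original course material). The `Path` fields, step labels and sample values are this example's own; the synchronization check is left out, and MED is compared only between paths from the same neighboring AS.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple                  # leftmost entry is the neighboring AS
    neighbor_router_id: str
    next_hop: str = "192.0.2.1"     # "0.0.0.0" marks a locally originated route
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0             # IGP cost to reach next_hop
    age_seconds: int = 0


def keep_best(paths, key):
    """Keep every path that ties for the lowest key value."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def drop_higher_med(paths):
    """Drop a path only if a path from the same neighboring AS has a lower MED."""
    def beaten(p):
        return any(q.as_path[:1] == p.as_path[:1] and q.med < p.med for q in paths)
    return [p for p in paths if not beaten(p)]


STEPS = [
    ("highest weight", lambda ps: keep_best(ps, lambda p: -p.weight)),
    ("highest local preference", lambda ps: keep_best(ps, lambda p: -p.local_pref)),
    ("locally originated", lambda ps: keep_best(ps, lambda p: p.next_hop != "0.0.0.0")),
    ("shortest AS path", lambda ps: keep_best(ps, lambda p: len(p.as_path))),
    ("lowest origin code", lambda ps: keep_best(ps, lambda p: ORIGIN_RANK[p.origin])),
    ("lowest MED", drop_higher_med),
    ("EBGP over IBGP", lambda ps: keep_best(ps, lambda p: not p.ebgp)),
    ("closest IGP neighbor", lambda ps: keep_best(ps, lambda p: p.igp_metric)),
    # After the previous step the survivors are all EBGP or all IBGP.
    ("oldest EBGP route",
     lambda ps: keep_best(ps, lambda p: -p.age_seconds if p.ebgp else 0)),
    ("lowest neighbor router ID",
     lambda ps: keep_best(ps, lambda p: int(IPv4Address(p.neighbor_router_id)))),
]


def best_path(paths, local_as):
    """Return (winning path, name of the step that decided it)."""
    # Only paths with a reachable next hop and no AS loop take part.
    candidates = [p for p in paths
                  if p.next_hop_reachable and local_as not in p.as_path]
    if not candidates:
        return None, "no valid path"
    if len(candidates) == 1:
        return candidates[0], "only valid path"
    for label, step in STEPS:
        candidates = step(candidates)
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "tie after all steps"


if __name__ == "__main__":
    # Constructed candidates for 11.0.0.0/8 as seen from AS 21117.
    paths = [
        Path("via AS 1220", (1220, 179), "10.0.0.1"),
        Path("via AS 125", (125, 300, 179), "10.0.0.2", local_pref=250, ebgp=False),
    ]
    winner, reason = best_path(paths, local_as=21117)
    print(winner.name, "selected by", reason)
```

Reporting the deciding step makes it easy to see when a single attribute, such as a raised local preference, overrides a shorter AS path.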

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Route Map for BGP policy 
[Figure: Route Map for BGP policy. Labels: 100, Match IP add, Set Local, AS 21117, AS 1220, AS 179]
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Multi-homing AS 
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Global 

ISPX 


Global 

ISPY 
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Why Do We Need IPV6 
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Why Do We Need a Larger Address Space? 


• Internet population has grown exponentially 

• Millions of Mobile users 

• Transportation 

• Consumer devices 

• No. of Websites - again exponential growth 
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IPV4 vs IPV6 




Features            IPv4                                IPv6
Notation            Dotted Decimal Notation             Hexadecimal Notation with Colon
                    Example: 10.0.1.100                 Example: 2001:03BB:B5A1:52FF:FEA5:4564:0112:1202
Address Size        32-bits                             128-bits
Number of Address   2^32 = 4,294,967,296 Addresses      2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,459 Addresses
Packet Broadcast    Support broadcasting                No broadcasting, IPv6 uses multicast.
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IPv6 Advantages 
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IPv4 vs IPv6 
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IPv6 Address Representation 
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• IPv6 Format : x:x:x:x:x:x:x:x 

• where x is 16 bits Hexadecimal 

• Leading zeros in a x field are optional 

• Successive x Fields of 0 can be represented as :: but only once 

• Eg. 2031:0000:0000:013f:0000:0000:0000:0001 



IPv4 and IPv6 Header Comparison 
[Figure: IPv4 and IPv6 header comparison.
IPv4 header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding.
IPv6 header fields: Version, Traffic Class, Payload Length, Next Header, Hop Limit, Source Address, Destination Address.
Legend: field name kept from IPv4 to IPv6; fields not kept in IPv6; name and position changed in IPv6; new field in IPv6.]
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IPv6 Address Type 


• Unicast

• Multicast

• Anycast



• There are three types of unicast address

• Global Unicast 

• Unique Local 

• Link-Local 
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Unicast 
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Address Scope 




Global Unicast 
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• Allows computers to communicate on the internet. 

• The Internet Assigned Numbers Authority (IANA) delegates the current global address prefix as 2000::/3.
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Link Local 
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• Enables communication within local link (local physical network) only. 

• Equivalent to Automatic Private IP Addressing (APIPA) 

• The first 10 bits of a link-local IP address are set to 1111111010, which equals FE80 when converted to hexadecimal.

• A link-local IP address always begins with FE80.



Unique Local 
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• Equivalent to private IPv4 addresses 

• Packets are routed within an organization, and not outside it on the public internet.

• In IPv4, these addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

• IPv6's site-local addresses have the first 10 bits set to 1111111011, which equals FC00.
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Where do IP addresses come from? 
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Standards 



Regional Internet Registries (RIRs) 
distribute IPv4, IPv6, and AS numbers 
to the Internet community 


Assignment 



Multicasting 
Group ID

Flag = 0 Permanent
       1 Temporary

Scope = 1 Interface Local
        2 Link Local
        3 Subnet Local
        4 Admin Local
        5 Site Local
        8 Organization
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Multicast Scope 
IPv6 Multicast Scope

[Figure: nested multicast scopes, including Global Scope and Organization-Local Scope]
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Anycast 
[Figure: two devices, each with IP 2001:1::1 (Anycast IP)]
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Anycast 


• One to nearest one 

• Two or more devices share same anycast IP 

• Nearest one will be decided by router by its routing protocol 

• Anycast should give same type of service 

• Anycast IP is used from Unicast range 
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Neighbor Discovery Protocol 
• Neighbor Discovery Protocol (NDP) is a protocol used in IPv6

• NDP uses 5 different messages for its operation

• NS (Neighbor Solicitation)

• NA (Neighbor Advertisement)

• RS (Router Solicitation)

• RA (Router Advertisement)

• Redirect 
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Router Discovery 
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IPV6 Stateless Auto Configuration 
• A device assigns its IP address automatically by using stateless autoconfiguration.

• The extended unique identifier (EUI)-64 format is used for stateless autoconfiguration

• This format expands the 48-bit MAC address to 64 bits by inserting "FFFE" into the middle of the MAC address.

• The 7th bit of the MAC address will always be "1"



EUI-64 To IPv6 
MAC address:        00 90 27 17 FC 0F

With FFFE inserted: 02 90 27 | FF FE | 17 FC 0F

Interface ID:       0290:27FF:FE17:FC0F
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Special IPV6 Addresses 
IPv6 Address | Description

::/0 | All routes; used when specifying a default static route. It is equivalent to the IPv4 quad-zero (0.0.0.0).

::/128 | Unspecified address; initially assigned to a host when it first resolves its local link address.

::1/128 | Loopback address of local host. Equivalent to 127.0.0.1 in IPv4.

FE80::/10 | Link-local unicast address. Similar to the Windows autoconfiguration IP address of 169.254.x.x.

FF00::/8 | Multicast addresses.

All other addresses | Global unicast address.
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IPv6 Routing Protocols 


Static 
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RIPng 
OSPFv3 
ISIS for IPv6 
EIGRP For IPv6 
MPBGP 
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RIPng 


• RIP for IPv6 

• Based on RIPV2, with enhancements 

• Distributes IPv6 prefixes 

• RIPng sends updates on UDP port 521 using the multicast group FF02::9. 
OSPFv3


• OSPF for IPv6 

• Based on OSPFv2, with enhancements 

• Distributes IPv6 prefixes 

• Runs directly over IPv6 

• Ships-in-the-night with OSPFv2
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OSPFv3 / OSPFv2 Similarities 
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• Link-State Protocol 

• SPF or Dijkstra algorithm 

• Basic packet types 

• Mechanisms for neighbor discovery and adjacency formation 

• Same Interface types 

• LSA flooding and aging mechanism 

• OSPFv3 still uses Router ID from IPv4 Address 
OSPFv3 / OSPFv2 Differences

OSPF v2 | OSPF v3

• Runs over a subnet | • Runs over a link

• One instance per link | • Multiple instances per link

• Clear text or MD5 authentication | • Uses standard authentication supported by IPv6, i.e. IPSec

• Routers should be on the same subnet to form neighbors | • Routers belonging to different subnets can become neighbors

• Uses primary IP of outgoing interface as source of updates | • Uses link-local address as source of updates
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EIGRPV6 


EIGRP for IPv6 
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• Uses Multicast address FF02::A 

• EIGRPv6 remains in the shutdown state until no shutdown is given.

• The Router-ID must be configured manually in EIGRPv6

• EIGRPv6 also uses the DUAL algorithm
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IPv6 - IPv4 Transition 


• Transition richness

• No fixed day or due date for moving from IPv4 to IPv6

• Smooth transition from IPv4 to IPv6

• Use dual stack or a 6to4 tunnel

• IPv4 and IPv6 hosts can communicate
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IPv4-IPv6 Transition and Co-Existence 
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• A wide range of techniques have been identified and implemented, basically falling 
into three categories: 

• Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and 
networks 

• Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, 
or regions 

• Translation techniques, to allow IPv6-only devices to communicate with IPv4-only 
devices. 
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DUAL Stack 


The term dual stack means that the host or router uses both IPv4 and IPv6 at the same time.

Dual-Stack

IPv4: 192.168.99.1

IPv6: 2001:410:213:1::/64 eui-64

interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2001:410:213:1::/64 eui-64

• Cisco IOS is IPv6-enabled:

- If IPv4 and IPv6 are configured on one interface, the router is dual-stacked



IPv6 over IPv4 Tunnels 
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IPv4 Header IPv6 Header Transport Header Data 


Tunneling is encapsulating the IPv6 packet in the IPv4 packet 


Tunneling can be used by routers and hosts 


IPv6 Host 
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2001::5 <=> 172.16.0.5 
2001:3:0A00:0001 <=> 10.0.0.1 
• ISATAP - Intra-Site Automatic Tunnel Addressing Protocol

• ISATAP is a method of automatic 6 to 4 tunnels.

• ISATAP is a mechanism that allows us to deploy IPv6 over existing IPv4 infrastructure.

• ISATAP connects two regions of IPv6 via a tunnel that will transit over existing IPv4 infrastructure.
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Virtual Private Networking 
• Virtual Network

Tunnel

• Private Network

Encryption

Encrypted message
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VPN Services 
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• Services Offered by VPN are: 

- Data Security 

- Data Integrity 

- Authentication 

- Anti-Replay 

- Tunneling 



Devices Supports VPN 
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Servers 
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VPN Types 
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• Remote-access 

- Client-initiated 

- Network access server 

• Site-to-site 

- Intranet 

- Extranet 



Remote Access VPN 






Head Office 
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Site to Site 
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Head Office 



Business Partner 



Encryption at Several Layers 
[Figure: encryption at several layers. Application Layers (5-7): SSH, S/MIME (Application Layer); Transport/Network Layers (3-4); Link/Physical Layers (1-2)]
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Tunneling Protocols 
[Figure: tunneling protocols by layer. Application Layers (5-7); Transport/Network Layers (3-4); Link/Physical Layers (1-2)]
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Generic Routing Encapsulation 
[Figure: GRE encapsulation. The original packet (IP addresses 192.168.1.10 and 192.168.2.20, plus data) crosses the Internet inside a new packet whose outer IP addresses are 2.2.2.3 and 61.0.0.5]
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IPSec 
• IPSec is an open standard (IETF)

• Network layer protocol

• It provides data security and tunneling services

• It is a framework consisting of many open standards providing encryption, authentication, key exchange and data integrity.

• Scales from small to very large networks

• It works only for IP unicast traffic

• IPSec over GRE is used for protecting non-IP or multicast traffic
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IPSec Modes 
• IPSec modes:

- Tunnel mode: creates a new, additional IP header and encrypts the data

- Transport mode: just encrypts the data without adding a new IP header
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IPSec Protocols 
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• Negotiation protocol 

- IKE/ISAKMP 

• Security Protocol 

- ESP 

- AH 



IPSec Protocols 


• Encryption

- DES

- 3DES

- AES

• Hash

- MD5

- SHA

• Authentication

- Pre-share key

- Username/Password

- OTP

• Password Protection (Diffie-Hellman for password exchange)

- DH Group 1

- DH Group 2
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Internet Key Exchange 
• IKE solves the problems of manual and unscalable implementation of IPSec by automating the negotiation process

- Automatic key generation, negotiation and implementation 

- Negotiation of SA characteristics 

- Manageable manual configuration 
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IKE Negotiation 


Branch X 


Policy 1 

Encryption: 3DES 
Hash: SHA 

Authentication: Pre Share 
DH 2 

Policy 2 

Encryption: DES 
Hash: MD5 

Authentication: Pre Share 
DH 2 



Policy 1 

Encryption: DES 
Hash: MD5 

Authentication: Pre Share 
DH 2 
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Head Office 



3800 

Policy 1 

Encryption: AES 
Hash: SHA 

Authentication: Pre Share 
DH 2 

Policy 2 

Encryption: 3DES 
Hash: SHA 

Authentication: Pre Share 
DH 2 

Policy 3 

Encryption: DES 
Hash: MD5 

Authentication: Pre Share 
DH 2 
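
The policy sets in the figure above, run through a simplified model of IKE policy matching, as an added example that is not part of the original slides. It assumes the responder walks its own policies in priority order and accepts the first one the initiator also offers; the name BRANCH_2 for the unlabelled branch, the function names and the weakness notes are this example's own.

```python
from typing import List, NamedTuple, Optional


class IkePolicy(NamedTuple):
    priority: int        # lower number is tried first
    encryption: str
    hash_alg: str
    auth: str
    dh_group: int

    def params(self):
        """Everything both peers must agree on (priority is local only)."""
        return (self.encryption, self.hash_alg, self.auth, self.dh_group)


# Policy sets transcribed from the figure.
BRANCH_X = [IkePolicy(1, "3DES", "SHA", "pre-share", 2),
            IkePolicy(2, "DES", "MD5", "pre-share", 2)]
BRANCH_2 = [IkePolicy(1, "DES", "MD5", "pre-share", 2)]
HEAD_OFFICE = [IkePolicy(1, "AES", "SHA", "pre-share", 2),
               IkePolicy(2, "3DES", "SHA", "pre-share", 2),
               IkePolicy(3, "DES", "MD5", "pre-share", 2)]

# Algorithms from the slides that are now considered weak or deprecated.
WEAK_ENCRYPTION = {"DES": "56-bit key", "3DES": "64-bit block, deprecated"}
WEAK_HASH = {"MD5": "collisions are practical"}
WEAK_DH = {1: "768-bit group", 2: "1024-bit group"}


def negotiate(initiator: List[IkePolicy],
              responder: List[IkePolicy]) -> Optional[IkePolicy]:
    """Return the responder policy that gets selected, or None if no match."""
    offered = {p.params() for p in initiator}
    for policy in sorted(responder, key=lambda p: p.priority):
        if policy.params() in offered:
            return policy
    return None


def weaknesses(policy: IkePolicy) -> List[str]:
    """List the weak parameters in one policy."""
    found = []
    if policy.encryption in WEAK_ENCRYPTION:
        found.append(f"encryption {policy.encryption}: {WEAK_ENCRYPTION[policy.encryption]}")
    if policy.hash_alg in WEAK_HASH:
        found.append(f"hash {policy.hash_alg}: {WEAK_HASH[policy.hash_alg]}")
    if policy.dh_group in WEAK_DH:
        found.append(f"DH group {policy.dh_group}: {WEAK_DH[policy.dh_group]}")
    return found


def audit(peer_name: str, initiator: List[IkePolicy],
          responder: List[IkePolicy]) -> str:
    """One report line: what a peer ends up negotiating and what is weak in it."""
    chosen = negotiate(initiator, responder)
    if chosen is None:
        return f"{peer_name}: no common policy, tunnel will not come up"
    issues = weaknesses(chosen) or ["no weak parameters"]
    return f"{peer_name}: matches responder policy {chosen.priority} " \
           f"{chosen.params()} -> " + "; ".join(issues)


if __name__ == "__main__":
    print(audit("Branch X", BRANCH_X, HEAD_OFFICE))
    print(audit("Branch 2", BRANCH_2, HEAD_OFFICE))
```

The result shows why a low-priority DES/MD5 policy on the head office matters: as long as it is configured, any peer that offers only DES/MD5 is accepted with those parameters.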
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Encapsulating Security Payload 
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• ESP protocol ID 50 

• Provides framework for encrypting, authenticating and data integrity. Optional Anti-replay 


Original:        L2 | IP Header | TCP / UDP Head | DATA

Transport Mode:  L2 | IP Header | ESP Head | TCP / UDP Head | DATA | ESP Tail | ESP Auth



Authentication Header 
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• AH protocol ID 51 

• Provides framework for authenticating and data integrity. Optional Anti-Replay

Original:        L2 | IP Header | TCP / UDP Head | DATA

Transport Mode:  L2 | IP Header | AH Head | TCP / UDP Head | DATA

Tunnel Mode:     L2 | New IP Header | AH Head | IP Head | TCP / UDP Head | DATA
• DMVPN allows a VPN tunnel to be dynamically created and torn down between two remote sites.


• DMVPN uses NHRP and multipoint GRE to perform this operation. 









Layer 2 Switching 
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• Hardware-based bridging 

• Wire-speed performance 

• High-speed scalability 

• Low latency 

• Uses MAC address 
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Layer 3 Switching 
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• Hardware-based packet forwarding 

• High-performance packet switching

• Flow accounting 

• Layer 3 security 

• Policy deployment 




Multilayer Switching 
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• Combines functionality of: 

- Layer 2 switching 

- Layer 3 switching 

- Layer 4 switching 

• High-speed scalability 

• Low latency 



[Figure: OSI layers 7 to 2, with the Transport, Network and Data-Link layers labelled]
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Types of switches 
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• Access Layer: 

• Access Layer switches are used to connect end devices to the network 

• Access Layer Switches used to provide Layer2 ( VLAN) connectivity between users. 

• Ex: 2950,2960 switches 

• Distribution Layer: 

• Distribution Layer switches are used to interconnect access layer switches to core layer switches. 

• Distribution Layer is a Layer 3 Boundary where routing meets the VLANs of access layer switches. 

• Ex: 3550,3560,3750,4500 Switches 

• Core Layer 

• Core Layer provides interconnectivity between all distribution layer switches. 

• The core layer, sometimes also called the backbone, must be capable of forwarding traffic from one distribution layer switch to another as efficiently as possible

• Ex: 6500 Switch 
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Fast Ethernet 
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• Built on Ethernet principles 

• Bandwidth - 100 Mbps 

• Uses same frame types, lengths, and formats 

• Still CSMA/CD 

• Same MAC layer, new physical layer 



Gigabit Ethernet 
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• Enhances client/server performance across the enterprise 

• Connects distribution-layer switches in each building with a central campus core 
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10 Gigabit Ethernet 
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• Cost-effective bandwidth for the LAN, switch-to-switch 

• Used to aggregate multiple Gigabit Ethernet segments 

• 10 Gigabit EtherChannel will enable 20 to 80 Gbps (future)
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Metro Ethernet 
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* Leverages service provider network or existing, unused optical fiber (dark fiber) for 
metro Ethernet connectivity 

• Supports any IP application 
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Switching Types 
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• Store and Forward 


• Cut Through 


• Fragment Free 



Store and Forward 
[Frame fields shown: FCS | L3, L4, and Data | EtherType | Source MAC | Dest. MAC]

In store-and-forward switching, the switch copies each complete frame into switch memory and performs a CRC (Cyclic Redundancy Check) on that frame. If there are any errors it drops the frame; if there are no errors it forwards the frame.

Delay is high and the number of frames forwarded is low when compared to other types of switching.
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Cut Through 
[Frame fields shown: FCS | L3, L4, and Data | EtherType | Source MAC | Dest. MAC]

In cut-through switching, the switch copies only the destination MAC address (the first 6 bytes of the frame) into its memory before making a switching decision.

More errors, because it does not perform a CRC.

Low delay



Fragment Free 
[Frame fields shown: FCS | L3, L4, and Data | EtherType | Source MAC | Dest. MAC]

Fragment-free (runtless) switching is an advanced form of cut-through switching. Switches operating in fragment-free mode read at least 64 bytes of the Ethernet frame before switching it, to avoid forwarding Ethernet runt frames (Ethernet frames smaller than 64 bytes).
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Cat OS and Cisco IOS (Native Mode) 
• Cat OS

• Layer 2 switching functions

• Hybrid Mode

• Cat OS for Layer 2 switching

• IOS for Layer 3

• Cisco IOS (Native Mode)

• Works for both Layer 2/Layer 3 switching 

• Runs on a device that can have a port that acts like a router port (Layer 3) or like a 
switched port (Layer 2) 

• Available on all new Catalyst switches 
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CAM VS TCAM 


CAM Table 

CAM Table is used to store layer 2 information like 

• Source MAC address 

• Interface where we learned the source MAC address 

• Vlan information 

TCAM Table 

The TCAM table is used to store higher-layer information like

• Access-list 

• QOS 

• Routing Table 
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CDP Cisco Discovery Protocol 
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• CDP is a Layer 2 protocol used to find information about neighbor devices 

• CDP Advertisements are sent as multicast frames. 

• By default CDP is enabled on all Cisco devices. 

• If an attacker is listening to CDP messages, it could learn important information about the 
device model and the current software version 

Note: Cisco recommends disabling CDP when not in use. 
To get information about neighbors by using CDP
#show cdp neighbors
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• LLDP is similar to CDP but works on multi vendor networks. 

• LLDP is an IEEE 802.1AB standard 

• By default LLDP is disabled on Cisco devices. 

• To enable LLDP on a Cisco device 
Switch(conf)#lldp run 
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Virtual LANs 
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• VLANs are used to divide one large broadcast domain into multiple smaller broadcast 
domains. 

• A large network can be divided into VLANs based on Project, Department or function etc. 

• VLANs provide Broadcast Segmentation 

• Each VLAN is a single Broadcast domain 
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Vlan Membership Mode 
[Figure: VLAN membership modes. Static (switch) and Dynamic (switch, 5500)]

Static VLANS 
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• Static Vlans are also called as port-based vlans. 


• Any device connecting to the port will become a member of that Vlan. 

• This is the most common method of assigning ports to VLANs 

• There is a default VLAN, on Cisco switches :VLAN 1 
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Dynamic Vlan 
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• Dynamic Vlans are also called MAC based vlans. 

• Vlans are automatically created by switch and assigned as per the mac address of the 
connected device. 

• Dynamic vlans are flexible compared to static vlans. 

• VMPS is required to configure Dynamic Vlans. 





• Voice Vlan allows access ports to carry voice traffic from an IP phone 

• By default voice vlan feature is disabled. 

• To enable, Give the following command 
Switch(conf-if)# switchport voice vlan 10 
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End to End Vlan 
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VLAN Ranges and Mappings 
VLAN Range | Range | Usage

1 | Normal | Cisco default

2-1001 | Normal | For Ethernet VLANs

1002-1005 | Normal | Cisco defaults for FDDI and Token Ring

1006-4094 | Extended | For Ethernet VLANs


Creating a VLAN 
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Switch(config)#Vlan <no> 


Switch(config-vlan)#name <name> 
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Assigning Access Ports to a VLAN 
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Switch(config)#interface gigabitethernet 1/1 
• Enters interface configuration mode 


Switch(config-if)#switchport mode access 
• Configures the interface as an access port 


Switch(config-if)#switchport access vlan 3 
• Assigns the access port to a VLAN 



Verifying VLANs - show vlan 
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Deleting VLANs 
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Switch(config-if)#no switchport access vlan vlan_number 
• This command will reset the interface to VLAN 1. 
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Trunking Encapsulation 
• VLANs are local to each switch's database, and VLAN information is not passed between switches. Trunks carry traffic from all VLANs to and from the switch by default but can be configured to carry only specified VLAN traffic.

• Two types of trunking encapsulation protocols

• ISL (Inter Switch Link)

• 802.1Q (Dot1Q)



VLAN Trunk Encapsulation 
802.1Q or ISL
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ISL Encapsulation 



[Figure: ISL trunk carrying VLAN 10 and VLAN 20 between switches]




ISL and Layer 2 Encapsulation 
ISL Encapsulated Layer 2 Frame from an ISL Trunk Port

ISL Header (26B) | DA (6B) | SA (6B) | Length/Etype (2B) | Data (0-1500 Bytes) | FCS (4B) | ISL FCS (4B)

Untagged and Unencapsulated Layer 2 Frame from an Access Port

DA (6B) | SA (6B) | Len/Etype (2B) | Data (0-1500B) | FCS (4B)
Dot1q Trunk
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VLAN 10 VLAN 10 
802.1Q Tagged Layer 2 Frame from an 802.1Q Trunk Port

DA (6B) | SA (6B) | Etype (8100) (2B) | Dot1Q Tag (2B) | Length/Etype (2B) | Data (0-1500 Bytes) | FCS (4B)

Untagged and Unencapsulated Layer 2 Frame from an Access Port

DA (6B) | SA (6B) | Len/Etype (2B) | Data (0-1500B) | FCS (4B)
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Importance of Native VLANs 
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► VLAN1 Untagged Traffic (Native VLAN) 


Configuring Trunk link 
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Switch(config)#interface fastethernet 2/1 
• Enters interface configuration mode 


Switch(config-if)#switchport trunk encapsulation isl/dot1q
• Selects the encapsulation 


Switch(config-if)#switchport mode trunk 
• Configures the interface as a Layer 2 trunk 
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Verifying Trunking 
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [switchport | trunk]

Switch#show interfaces fastethernet 2/1 trunk

Port      Mode         Encapsulation  Status        Native VLAN
Fa2/1     desirable    isl            trunking      1

Port      VLANs allowed on trunk
Fa2/1     1-1005

Port      VLANs allowed and active in management domain
Fa2/1     1-2,1002-1005

Port      VLANs in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005



Dynamic Trunking Protocol 
• Dynamic Trunking Protocol is a dynamic way of establishing a trunk between two switches.

• DTP works in two modes

1) Dynamic Desirable

2) Dynamic Auto

interface FastEthernet0/1                  interface FastEthernet0/1
 switchport mode dynamic desirable          switchport mode dynamic auto
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To Disable DTP 


Switch(conf)#interface fastethernet 0/1 
Switch(conf-if)#switchport nonegotiate 



Switch port Modes 
access | Forces a port to operate as an access port.

trunk | Forces a port to operate as a trunk port.

dynamic desirable | Initiates the negotiation of a trunk.

dynamic auto | Passively waits for the remote switch to initiate the negotiation of a trunk.

SW1 Mode | SW2 Mode | Trunk Formed

access | ANY | X

trunk | dynamic desirable | ✓

trunk | dynamic auto | ✓

trunk | trunk | ✓

dynamic desirable | dynamic desirable | ✓

dynamic desirable | dynamic auto | ✓

dynamic auto | dynamic auto | X
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Purpose of VTP 
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• You can create VLANs on a switch. 

• What if you have the same VLANs on 10 linked switches? Or 100 linked switches? 

• Do you have to create the VLANs on every switch and allow them on each trunk? 

• VTP helps. 

• But you still have to assign access ports to VLANs on each switch. 
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VLAN 30 

VTP Enabled Switches 



VTP Protocol Features 
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• VTP is a Cisco proprietary protocol. 

• VTP is used to exchange vlan information between switches. 

• Sends VTP advertisements on trunk ports only 

• VTP reduces administration in a switched network. 

• Maintains VLAN configuration consistency throughout a common administrative 
domain 

Note: VTP will not assign VLANs to the ports.
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VTP Modes 


VTP Server 

• Create Vlans 

• Delete Vlans 

• Modify Vlans 

• Sends and Forwards Advertisements 

• Synchronizes 

VTP Client 

• Cannot create, delete and modify Vlans 

• Forward Advertisements 

• Synchronizes 
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VTP Transparent 

• Create, delete and modify Vlans local to the switch 

• Forward Advertisements 

• Does not synchronize 
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Configuration Revision Number 
• VTP works based upon the configuration revision number.

• The configuration revision number increases by one every time we create, delete or modify VLANs on the server.

• The configuration revision number ranges from 0-65,535

• This ensures that each switch participating in VTP always has the latest information: the switch compares its current configuration revision number with that of the received update, and the update is accepted only if it has a greater configuration revision number

• The configuration revision number of a transparent switch is always zero.



Working of VTP

[Figure 1: the network admin creates VLAN 10 on the VTP server (VLAN database: VLAN 10). VTP server Rev. No: 0, VTP client Rev. No: 0, VTP transparent Rev. No: 0]

[Figure 2: network admin and VTP server, with VTP client Rev. No: 0 and VTP transparent Rev. No: 0]

[Figure 3: network admin and VTP server, with VTP client Rev. No: 1 and VTP transparent Rev. No: 0]
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VTP Pruning 
• Uses bandwidth more efficiently by reducing unnecessary flooded traffic

• Example: Station A sends broadcast; broadcast flooded only toward any switch with 
ports assigned to the red VLAN 



Pruning Disabled 


Pruning Enabled 



Configuring a VTP Server 
Switch(config)#vtp mode server
• Configures VTP server mode


Switch(config)#vtp domain domain-name
• Specifies a domain name


Switch(config)#vtp password password
• Sets a VTP password


Switch(config)#vtp pruning
• Enables VTP pruning in the domain
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Verifying the VTP Configuration 
Switch#show vtp status

VTP Version                     : 2
Configuration Revision          : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49



VTP Advertisements 
1) Summary Advertisements

2) Subset Advertisements

3) Request Advertisement
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VTP Versions 
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• All switches in a management domain must run the same version. 



Problem in VTP Version 1 and 2 
• In VTP versions 1 and 2, a VTP client can override the VLAN information in the VTP server if it has a higher configuration revision number than the server.

• It is recommended to add a new switch to the switched network as a VTP client with revision number zero.

• VTP version 3 overcomes this problem

• VTP version 3 supports password encryption.
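
The revision-number rule from the "Configuration Revision Number" slide and the version 1/2 problem described above, modelled as an added example (not part of the original slides). It compares only domain name and revision number; the VTP password, the MD5 digest and version 3 behaviour are left out, and the class, the function names, VLAN 99 and the revision value 7 are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Advert = Tuple[str, int, Dict[int, str]]   # (domain, revision, VLAN database)


@dataclass
class Switch:
    name: str
    mode: str                     # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vlan_id: int, vlan_name: str) -> None:
        if self.mode == "client":
            raise PermissionError("a VTP client cannot create VLANs")
        self.vlans[vlan_id] = vlan_name
        if self.mode == "server":          # transparent switches stay at 0
            self.revision += 1

    def advertise(self) -> Advert:
        return (self.domain, self.revision, dict(self.vlans))

    def receive(self, advert: Advert) -> bool:
        """Apply the v1/v2 rule: same domain and a greater revision wins."""
        domain, revision, vlans = advert
        if self.mode == "transparent" or domain != self.domain:
            return False
        if revision <= self.revision:
            return False
        self.vlans, self.revision = dict(vlans), revision
        return True


def propagate(sender: Switch, others: List[Switch]) -> List[str]:
    """Send one advertisement to every other switch; return who accepted it."""
    advert = sender.advertise()
    return [sw.name for sw in others if sw.receive(advert)]


def page_scenario() -> Tuple[Switch, Switch, Switch]:
    """The 'Working of VTP' figures: the admin creates VLAN 10 on the server."""
    server = Switch("server", "server", "Lab_Network")
    client = Switch("client", "client", "Lab_Network")
    transparent = Switch("transparent", "transparent", "Lab_Network")
    server.create_vlan(10, "VLAN0010")
    propagate(server, [client, transparent])
    return server, client, transparent


def stale_switch_scenario() -> Switch:
    """A switch last used elsewhere joins with a higher revision number."""
    server, client, _ = page_scenario()
    lab = Switch("lab", "client", "Lab_Network", revision=7,
                 vlans={1: "default", 99: "old-lab"})     # constructed values
    propagate(lab, [server, client])
    return server


def overwrite_risk(new_switch: Switch, existing: Switch) -> bool:
    """Pre-connection check: would the new switch replace the VLAN database?"""
    return (new_switch.mode != "transparent"
            and new_switch.domain == existing.domain
            and new_switch.revision > existing.revision)


if __name__ == "__main__":
    print([(s.name, s.revision) for s in page_scenario()])
    damaged = stale_switch_scenario()
    print(damaged.revision, damaged.vlans)
```

In the second scenario the server ends up at revision 7 without VLAN 10, which is why the revision number of a switch is checked with show vtp status before it is connected to a trunk.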
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Bridging Loops 
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Broadcast Storm 


Direction of Broadcast 



• Host A sends a broadcast. 

• Switches continue to propagate broadcast traffic over and over
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Spanning Tree Protocol 
• STP is an open standard protocol (IEEE 802.1D)

• It blocks all the redundant paths and provides a loop-free L2 path

• STP uses the Spanning Tree Algorithm (STA) to provide a loop-free topology

• "Radia Perlman" is the inventor of the spanning tree algorithm 

• Enabled by default on all Cisco switches 



STP Election 
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• Election of Root Bridge 

• Lowest Bridge ID ( MAC address + Priority) 


• Election of Root Port on Non Root Switch 

• Lowest Path cost ( total cost to reach root switch) 

• Lowest sender bridge id 

• Lowest Port ID (Port Number) 

• Election of Designated Port on Non Root Switch 

• Lowest Path cost 

• Lowest sender bridge id 

• Lowest Port ID 
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STP Cost 
Speed | Cost

10 Mbps | 100

100 Mbps | 19

1000 Mbps | 4

10000 Mbps | 2
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Bridge ID 




Bridge ID = 8 Bytes

Bridge ID Without the Extended System ID

Bridge ID with Extended System ID:

Bridge Priority (4 Bits) | Extended System ID (12 Bits) | MAC Address (48 Bits)

Bridge Priority + Extended System ID = 2 Bytes | MAC Address = 6 Bytes
STP Election

[Figure: four switches interconnected through ports FA0/22, FA0/23 and FA0/24]

Switch A | Bridge ID: 32768.000C.4ABC.7FD7

Switch B | Bridge ID: 32768.0A07.D75F.0CAB

Switch C | Bridge ID: 32768.000C.ABCD.ABCD

Switch D | Bridge ID: 32768.0107.0001.0002
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STP Election 
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Root ID: 32768. 000C.4ABC.7FD7 
Bridge ID:32768.000C.4ABC.7FD7 


FAO/24 



Root ID:32768.000C.ABCD.ABCD 
Bridge ID:32768.000C.ABCD.ABCD 


FAO/24 



FAO/23 


FAO/24 


FAO/23 



Bridge ID:32768.0A07.D75F.0CAB 
Root ID:32768.0A07.D75F.0CAB 


FAO/22 


FAO/23 


-£witch D 


Bridge ID:32768.0107.0001.0002 
Root ID: 3 2768. 0107. 0001. 0002 
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Root ID:32768.000C.4ABC.7FD7 
Bridge ID:32768.000C.4ABC.7FD7 


Switch A 


w 


FAO/22 


FAO/24 


Root ID:32768.000C.4ABC.7FD7 
Bridge ID:32768.000C.ABCD.ABCD 


FAO/24 


Switch C 

I FAO/23 


w 


FAO/24 

Switch 

Bridge ID:32768.0A07.D75F.0CAB 
Root ID:32768.000C.4ABC.7FD7 


FAO/22 


FAO/23 


Switch D 


9 


Bridge ID:32768.0107.0001.0002 
Root ID:32768.000C.4ABC.7FD7 
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STP Election 
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Root ID: 32768. 000C.4ABC.7FD7 
Bridge ID:32768.000C.4ABC.7FD7 

Mbps 


FAO/24 


Switch A 


9 


FAO/22 


100 


Root ID:32768.000C.4ABC.7FD7 
Bridge ID:32768.000C.ABCD.ABCD 

FAO/24 


FAO/23 


Switch C 


9 


100 Mbps 


100 Mbps 


FAO/24 

switch 

Bridge ID:32768.0A07.D75F.0CAB 
Root ID:32768.000C.4ABC.7FD7 


100 Mbps 


FAO/22 


FAO/23 


Switch D 


9 


Bridge ID:32768.0107.0001.0002 
Root ID:32768.000C.4ABC.7FD7 
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Root ID:32768.000C.4ABC.7FD7 
Bridge ID:32768.000C.4ABC.7FD7 


Switch A 


9 


FAO/22 


FAO/24 


FAO/24 


100 Mbps 


9 


FAO/23 


Switch B 

Bridge ID:32768.0A07.D75F.0CAB 
Root ID:32768.000C.4ABC.7FD7 


100 Mbps 


100 Mbps 


Root ID:32768.000C.4ABC.7FD7 
Bridge ID:32768.000C.ABCD.ABCD 


FAO/24 


Switch C 


9 


FA0/20 


100 Mbps 


FAO/23 


100 Mbps 


FAO/22 



Bridge ID:32768.0107.0001.0002 
Root ID:32768.000C.4ABC.7FD7 
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STP Election 
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Bridge ID:32768.000C.2BCD.ABCD 



Bridge ID:32768.000C.4ABC.ABCD 


Bridge ID:32768.0000.000C.ABCD 
• STP uses BPDUs (Bridge Protocol Data Units) to find redundant links that would cause loops in switched networks.

• Switches send BPDU frames to the multicast address 01:80:C2:00:00:00
[Figure: BPDU exchange between Switch A (priority 32768, MAC AAA), Switch B (priority 32768, MAC BBB) and Switch C (priority 32768, MAC CCC)]
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Types Of BPDUs 
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• Configuration BPDU 

• Topology Change Notification BPDU 

• Topology Change Acknowledgement BPDU 
Field            Size
Protocol         1 B
Version          1 B
Message type     1 B
Root ID          8 B
Cost             4 B
Bridge ID        8 B
Port ID          2 B
Message Age      2 B
Max Time         2 B
Hello            2 B
Forward Delay    2 B
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STP Port States 


• Disabled State: 

• Layer 2 port does not participate in spanning tree and does not forward 
frames. 
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• Blocked State: 

• Only receives BPDU's 

• Stays for 20 sec

• Listening State: 

• Receives and Sends BPDU's 

• Stays for 15 sec 



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• Learning State: 

• Receives and Sends BPDU 

• Learns Mac address 

• Stays for 15 sec 

• Forwarding State: 

• Receives and Sends BPDU 

• Learns Mac address 

• Forwards data 
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STP Timers 


• Hello Timer

• Determines how often the root bridge sends configuration BPDUs. The default is 2 seconds.

• Max Age

• How long to keep ports in the blocking state before listening. The default is 20 seconds.

• Forward Delay

• How long to stay in the listening state before going to the learning state, and how long to stay in the learning state before forwarding. The default is 15 seconds.



Planning Root Bridge 
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Enhancements to STP 
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• Portfast 

• used for Access ports 

• port state switched from Disable to Forwarding 

• No delay, saves 50 seconds 

• Uplinkfast 

• configured on a switch with at least one Blocked port 

• the Blocked port switches to Forwarding state without any delay, saves 30 
seconds 

• Backbonefast 

• configured on all switches 

• if indirectly connected link fails, the switch with Blocked port switches to 
Forwarding state in 30 seconds, saves 20 seconds 
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STP Portfast 
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After Portfast is configured: 
The port state switches from 
Disable -> Forwarding 



STP Uplinkfast 
[Figure: UplinkFast on Switch C. When the root port is down, the blocked port goes to Forwarding]
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STP Backbonefast 



After BackboneFast: 15 sec listening, 15 sec learning, then the Forwarding state
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PVST 
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• Cisco proprietary 

• Single STP instance for each VLAN 

• Separate BPDU, Roots and Blocked Port 

• PVST works only on trunk links

• PVST works only on ISL; PVST+ works on ISL and Dot1Q
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Per VLAN Spanning Tree (Cont.) 
[Figure: per-VLAN spanning trees for VLAN 10 and VLAN 20]
Rapid Spanning Tree Protocol


• Open Standard (IEEE 802.1w)

• RSTP is an enhanced version of STP

• RSTP Election Process is similar to STP

• RSTP is backward compatible with STP 802.1D

• RSTP provides faster convergence

• BPDUs are sent every 2 sec; the hold time is 6 sec

• Uplinkfast and Backbonefast are enabled by default 
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RSTP Port States 
STP           RSTP
Disable       Discarding
Blocked       Discarding
Listening     Discarding
Learning      Learning
Forwarding    Forwarding
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RSTP Port States 
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Port States 

• Discarding 

Prevents the forwarding of data frames. 

• Learning 

Accepts data frames to populate the MAC table. 

• Forwarding 

Forwards data frames and determines the topology. 



RSTP Port Roles 
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RSTP Port Type 




• Link types in RSTP are

• Edge port:

• Port configured with the Portfast command

• Non-edge port:

• Port without a Portfast command

• Non-edge ports are of two types:

• Point to Point: Full Duplex links

• Shared: Half Duplex links
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MST 


• Open Standard (IEEE 802.1s) 

• One STP for a group of VLANs

• Also known as Multiple Instance Spanning Tree

• Backwards compatible with STP and RSTP 
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Multiple Spanning Tree 
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MST Regions 
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• MST configuration on each switch: 

• Name 

• Revision number 

• VLAN in Each Instance 


MST 
region A 
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MST Backward Compatibility 


Enabling Multiple Spanning Tree
Switch(config)#spanning-tree mode mst
• Enables Multiple Spanning Tree
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Configuring Multiple Spanning Tree 
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Switch(config)#spanning-tree mst configuration 
• Enters MST configuration submode 


Switch(config-mst)#name name 
• Sets the MST region name 


Switch(config-mst)#revision rev_num 
• Sets the MST configuration revision number 


Switch(config-mst)#instance inst vlan range 
• Maps the VLANs to an MST instance 




Protecting Against Unexpected BPDU
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Root Guard 
[Figure: an attacker sends BPDUs advertising Priority = 0 and MAC Address = 0000.0c45.1234 toward the root bridge (Priority = 0, MAC Address = 0000.0c45.1a5d); root guard is enabled on the port where they arrive]

Switch(config-if)#spanning-tree guard root
• Enables root guard on a per-interface basis
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BPDU guard 


• BPDU guard places a PortFast port into blocking state if a BPDU is received on that port 

• If a switch is attached to a port configured with Port Fast a layer 2 loop may occur, 
followed by a broadcast storm 

• Protects a port configured with PortFast 



BPDU Guard

[Figure: an attacker sends STP BPDUs into a port with BPDU guard enabled; the root bridge is elsewhere in the network]

Switch(config)#spanning-tree portfast bpduguard default
• Globally enables BPDU guard on all ports with PortFast enabled
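The bridge ID layout, the election rule and the two guards above, worked through in Python as an added example (not code from the original slides). It uses the bridge IDs from the election figures and from the root guard figure; the port settings dictionary and the state names it returns are this example's own model, with err-disabled standing for the state in which BPDU guard stops the port.

```python
"""STP root election plus the root guard and BPDU guard decisions (added example)."""
from dataclasses import dataclass


def parse_mac(text):
    """Turn dotted notation such as '000C.4ABC.7FD7' into a 48-bit integer."""
    digits = text.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


@dataclass(frozen=True, order=True)
class BridgeID:
    """8-byte bridge ID. Fields are declared in wire order, so the generated
    comparison is the same 'lowest value wins' rule the election uses."""
    priority: int       # top 4 bits of the 2-byte field: a multiple of 4096
    system_id: int      # low 12 bits: extended system ID
    mac: int            # 48-bit MAC address

    def __post_init__(self):
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        if not 0 <= self.system_id < 4096:
            raise ValueError("extended system ID must fit in 12 bits")
        if not 0 <= self.mac < 1 << 48:
            raise ValueError("MAC address must fit in 48 bits")

    @classmethod
    def from_text(cls, text):
        """Parse the '32768.000C.4ABC.7FD7' form used in the figures."""
        first, mac = text.split(".", 1)
        value = int(first)
        return cls(value & 0xF000, value & 0x0FFF, parse_mac(mac))

    def to_bytes(self):
        head = (self.priority | self.system_id).to_bytes(2, "big")
        return head + self.mac.to_bytes(6, "big")


# Bridge IDs of the four switches in the election figures.
PAGE_BRIDGES = {
    "Switch A": BridgeID.from_text("32768.000C.4ABC.7FD7"),
    "Switch B": BridgeID.from_text("32768.0A07.D75F.0CAB"),
    "Switch C": BridgeID.from_text("32768.000C.ABCD.ABCD"),
    "Switch D": BridgeID.from_text("32768.0107.0001.0002"),
}

# Values from the root guard figure: the real root and the BPDU sent at it.
ROOT = BridgeID(0, 0, parse_mac("0000.0c45.1a5d"))
ROGUE = BridgeID(0, 0, parse_mac("0000.0c45.1234"))


def elect_root(bridges):
    """Name of the switch with the lowest bridge ID."""
    return min(bridges, key=bridges.get)


def on_bpdu(port, current_root, advertised_root):
    """What a port does with a received configuration BPDU.

    port is a dict of booleans (portfast, bpduguard, rootguard): this
    example's own model of the interface settings, not an IOS structure.
    """
    if port.get("portfast") and port.get("bpduguard"):
        return "err-disabled"           # BPDU guard: no BPDU is expected here
    if advertised_root < current_root:  # superior BPDU: sender claims a better root
        if port.get("rootguard"):
            return "root-inconsistent"  # port blocked, current root kept
        return "new-root-accepted"
    return "current-root-kept"


def demo():
    """Run the election and the three port configurations against the rogue BPDU."""
    access = {"portfast": True, "bpduguard": True}
    guarded = {"rootguard": True}
    return {
        "root": elect_root(PAGE_BRIDGES),
        "unprotected": on_bpdu({}, ROOT, ROGUE),
        "root guard": on_bpdu(guarded, ROOT, ROGUE),
        "bpdu guard": on_bpdu(access, ROOT, ROGUE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:12} {value}")
```

With equal priorities the MAC address alone decides, which is why the BPDU carrying 0000.0c45.1234 beats a root at 0000.0c45.1a5d unless a guard is configured on the receiving port.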
• BPDU filtering allows a switch to stop sending and receiving BPDUs on a port, depending on how it is configured.

• BPDU filtering configured at the interface level completely stops the sending and receiving of BPDUs.

• BPDU filtering configured at the global configuration level will remove the PortFast state and transition the port through the normal STP states.

• SwitchB(config-if)#spanning-tree bpdufilter enable 
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Loop Guard 
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• Loop guard helps prevent bridging loops that could occur because of Software and 
Hardware failure 

• High CPU utilization may prevent BPDUs from being received or processed. 

• Loop Guard will place the interface in the loop-inconsistent state. 

• Switch(config-if)#spanning-tree guard loop 



[Figure: Loop Guard. Switch A is the root and Switch B is non-root. One switch stops sending BPDUs due to a software bug, and the port with loop guard enabled on a non-root switch transitions to the loop-inconsistent state]
• UDLD is similar to loop guard and is used to prevent loops caused by unidirectional links.

• UDLD is typically used on fiber links. 

• Switch(config)#udld enable 




[Figure: unidirectional fiber links; the failure of either causes a potential loop]
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Inter Vlan Routing 


• By default, a Layer 2 switch cannot forward traffic between two different VLANs.


• A layer 3 device is required to forward the traffic between two different vlans. 

• A layer 3 device can be 

• Router 

• Multi Layer Switch 
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Inter Vlan Routing Methods 


• Legacy Inter Vlan Routing 

• Router On a Stick 

• Multilayer Switch 
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Legacy Inter Vlan Routing 
• It is also called traditional inter-VLAN routing.

• Uses Router to perform Inter Vlan Routing. 

• Each vlan is connected to different physical interface of the router. 

• Packets would arrive on the router through one interface, leave through another 
interface. 

• Large networks with large number of VLANs require many router interfaces. 
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Legacy Inter Vlan Routing 
[Figure: legacy inter-VLAN routing. The router has one interface per VLAN: 172.17.10.1/24 for VLAN 10 (host 172.17.10.21) and 172.17.30.1/24 for VLAN 30 (host 172.17.30.23)]



Router On a Stick 


• The router-on-a-stick approach uses a different path to route between VLANs. 

• The Physical interface of the router is divided into one or more sub interfaces. 

• Vlans are assigned to sub interfaces instead of physical interfaces. 

• Each sub interface is configured with an IP address for the VLAN it represents. 

• Only one of the router's physical interface is used. 
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Router On a Stick 
[Figure: router on a stick, with a trunk link carrying all VLANs]


Multi Layer Switching 
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• Multi Layer Switch can perform layer 2 as well as layer 3 functions. 

• Vlans are assigned to Switch Virtual Interface(SVI). 

• Each SVI is configured with an IP address for the VLAN it represents. 

• This method uses ASIC to forward the traffic between vlans. 
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Multi Layer Switching 
[Figure: two multilayer switches with an SVI per VLAN
First switch: VLAN 10 - 10.0.10.1/24, VLAN 20 - 10.0.20.1/24, VLAN 30 - 10.0.30.1/24
Second switch: VLAN 10 - 10.0.10.2/24, VLAN 20 - 10.0.20.2/24, VLAN 30 - 10.0.30.2/24
Hosts: PC-1 (VLAN 10) 10.0.10.11, PC-2 (VLAN 20) 10.0.20.21, PC-3 (VLAN 20) 10.0.20.22, PC-4 (VLAN 30) 10.0.30.31]



Multilayer Switch 
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Switch Port 


The Switch port can work like Ethernet port on Router. 
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By default the port works like Layer-2 port, we can enable it to work like Layer-3 
port. 

To configure it 

• SW(config-if)#no switchport

• Assign IP and Subnet Mask 

• Router Port can be used in Routing protocols. 



Supervisor Engine 
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Layer 3 Switching components 


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Packet Switching: 

CEF 

ASIC 

Layer 2 = layer 3 = layer 4 



Router Processing: 
Path Determination 
Load Balancing 
Multi Routing 
Protocol Support 
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Packet Switching Methods 


• Process Switching 

• Fast Switching 

• CEF - Cisco Express Forwarding 
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Process Switching 
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• Process Switching is the oldest method of performing packet switching 

• Process switching requires the CPU to be personally involved with every forwarding 
decision. 

• The switching decision is made on a per packet basis 

• Process switching is the slowest method of packet switching 

To enable Process Switching 
Router(conf-if)#no ip route-cache 
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Fast Switching 
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Fast switching improves on process switching by making use of a cache 

The first packet to a destination is still process switched. Future packets to this destination 
will be switched using information from the fast cache, thus improving on the speed of 
this switching method. 

To enable Fast Switching 
Router(conf-if)#ip route-cache
[Figure: fast switching. Labels: Incoming Packets, Ingress Interface, Control Plane (CPU), Data Plane (Fast Cache), Subsequent Packets in a Data Flow, Egress Interface, Outgoing Packets]



CEF - Cisco Express Forwarding 
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• CEF uses two components to perform packet switching 

• Forwarding Information Base (FIB)

• Adjacency Table

• The Forwarding Information Base is similar to the routing table; the Adjacency Table is similar to the ARP table

• To enable CEF

Router(conf-if)#ip route-cache cef
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Displaying CEF Entries in the FIB 
Switch#show ip cef [type/slot/port number] [detail]
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Single Points of Failure 



Redundancy within a device 
Catalyst Supervisors 
Power supplies 
Fans 

Hot-swappable Module 


[Figure: campus network with single points of failure. Tiers shown: Host, Building Access, Building Distribution, Campus Backbone, Server Distribution, Server Access and Server, with a link to Other Sites]
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Redundant Switched Network with No Single Point of Failure 
[Figure: redundant campus network with dual-homed hosts and servers. Tiers shown: Building Access, Building Distribution, Campus Backbone, Server Distribution and Server Access, built from Layer 2 and Layer 2/3 switches, with the primary forwarding path marked]

Supervisor redundancy 


[Figure: chassis with a Supervisor Engine, a Redundant Supervisor Engine, Power Supply 1, Power Supply 2 (Redundant) and the ESD ground strap connector]
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Problem using default Gateway 
HSRP Hot Standby Router Protocol

• Cisco proprietary 

• Provides Router redundancy 

• Routers are grouped together, to work as one virtual router 


• Group is identified by Group ID 

• Range 0- 255 (default is 0) 

• A router can be member of multiple groups 

• Two roles of Router 

• Active Router 

• Standby Router 
[Figure: HSRP group. A host (IP 192.168.1.11, GW 192.168.1.250) reaches two routers at 192.168.1.100 and 192.168.1.200; their other interfaces are 192.168.2.1 and 192.168.2.200]

[Figure: HSRP active router role and HSRP backup role, with one router marked Active Router and the other Standby Router]
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HSRP Elections 
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HSRP is an Application Layer Protocol 


• Uses UDP port 1985, multicast address 224.0.0.2 for hello message 

• Hello will be sent every 

• Hello = 3 sec and hold = 10 

• HSRP Election priority 

• Router with highest Priority 

• Router with highest Physical IP 
[Figure: HSRP group 47 with an Active Router and a Standby Router in front of the host (IP 192.168.1.11, GW 192.168.1.250)]



HSRP Configuration 




To create and assign ip address in HSRP group 
Router(config-if)#standby <Group No> ip <ip add> 

Default priority is 100 

Router with highest priority will win the elections 
To change the Router priority 

Router(config-if)#standby <group no> priority <pri> 




HSRP States 


• Initial 

• Listen 

• Speak 

• Standby 

• Active 
[Figure: HSRP group 47 with an Active Router and a Standby Router; a router priority of 100 is shown]
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HSRP after Preempt 


[Figure: HSRP group 47 after preempt. The router with priority 150 says "My priority is high, I will become Active Router" and is the Active Router; the router with priority 100 is the Standby Router]



HSRP Interface Tracking 
[Figure: HSRP interface tracking. The Active Router has priority 150 and shares the host (IP 192.168.1.11, GW 192.168.1.250) with the Standby Router]

b(config-if)#standby <Group No> track s 0 31

[Figure: with tracking configured on interface S0, the two routers are shown with priority 150 and priority 120]
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HSRP track Command 
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Router(config-if)#standby <G No> track <int type> <no> <Priority> 

Decrements the HSRP priority by the given amount whenever the tracked interface goes down.

Note: the preempt command is required on both routers for this command to work.
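An added example, not from the original slides, that walks the election rules, preempt and interface tracking through one failure and recovery. The router addresses and the priorities 150 and 120 come from the figures; the router names, the Serial0 interface name and the decrement of 31 are assumptions.

```python
"""HSRP election with preempt and interface tracking (added example)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                          # default priority is 100
    preempt: bool = False
    track: dict = field(default_factory=dict)    # interface -> priority decrement
    down: set = field(default_factory=set)       # tracked interfaces currently down

    def effective_priority(self):
        """Configured priority minus the decrement of every tracked interface that is down."""
        lost = sum(dec for ifc, dec in self.track.items() if ifc in self.down)
        return max(self.priority - lost, 0)

    def rank(self):
        # Highest priority wins; highest physical IP breaks a tie.
        return (self.effective_priority(), int(ipaddress.ip_address(self.ip)))


def initial_election(routers):
    """Router that becomes active when the group first forms."""
    return max(routers, key=Router.rank)


def reevaluate(routers, active):
    """Active router after a priority change.

    A router takes over only if it has preempt configured and a strictly
    higher effective priority; otherwise the current active router stays.
    """
    challengers = [r for r in routers
                   if r is not active and r.preempt
                   and r.effective_priority() > active.effective_priority()]
    return max(challengers, key=Router.rank) if challengers else active


def tracking_scenario(preempt):
    """Fail and restore R1's tracked uplink; return who is active at each step."""
    r1 = Router("R1", "192.168.1.100", priority=150, preempt=preempt,
                track={"Serial0": 31})           # assumed decrement: 150 - 31 = 119
    r2 = Router("R2", "192.168.1.200", priority=120, preempt=preempt)
    routers = [r1, r2]

    active = initial_election(routers)
    timeline = [("start", active.name)]

    r1.down.add("Serial0")                       # uplink fails on the active router
    active = reevaluate(routers, active)
    timeline.append(("R1 Serial0 down", active.name))

    r1.down.discard("Serial0")                   # uplink is restored
    active = reevaluate(routers, active)
    timeline.append(("R1 Serial0 up", active.name))
    return timeline


if __name__ == "__main__":
    for preempt in (True, False):
        print(f"preempt={preempt}")
        for event, active in tracking_scenario(preempt):
            print(f"  {event:18} active: {active}")
```

Without preempt the timeline never leaves R1, so hosts keep sending to a gateway whose uplink is down, which is the case the note about preempt is warning against.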
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VRRP 


• Open Standard protocol 

• Provides Router redundancy 

• Routers group together to work as one virtual router 

• Group is identified by Group ID 

• Range 0- 255 (default is 0) 

• Group has two types of router 

• Master router 

• Backup Router 
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• Master Router 

• Only one master per group 

• Actively forwards traffic coming for virtual IP 


• Backup Router 

• Multiple Backup routers per Group 
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VRRP Elections 


VRRP is a Network Layer Protocol 
Uses 224.0.0.18 for hello 


• Hello will be sent only by the master

• Hello = 1 sec and hold = 3 X hello + skew timer 

• Skew = (256 - priority) / 256 

• VRRP Election priority 

• Router with physical IP = Virtual IP 

• Router with highest Priority 

• Router with highest Physical IP 



VRRP 
[Figure: VRRP. Three routers form one virtual router with IP address 10.0.0.1, one as Master and two as Backup, serving Client A, Client B and Client C]
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VRRP Configuration 
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Router(config-if)#vrrp <G No> ip <IP Add> 

To create VRRP Group and assign IP Address 


Router(config-if)#vrrp <G No> priority <Priority> 
To Configure VRRP Priority for Election 



Load-Balancing With HSRP/VRRP 
[Figure: two routers, with the labels IP 192.168.1.10, IP 192.168.1.2, IP 192.168.2.1 and IP 192.168.2.200]

First router:
Int E0
IP address 192.168.1.100 255.255.255.0
Standby 10 ip 192.168.1.1
Standby 10 priority 150
Standby 20 ip 192.168.1.254

Second router:
Int E0/0
IP address 192.168.1.200 255.255.255.0
Standby 10 ip 192.168.1.1
Standby 20 ip 192.168.1.254
Standby 20 priority 150
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Load-Balancing With HSRP/VRRP in Multilayer Switch 
First switch:
Int VLAN 10
IP address 10.10.0.100 255.255.255.0
Standby 10 ip 10.10.0.1
Standby 10 priority 150
Int VLAN 20
IP address 10.20.0.100 255.255.255.0
Standby 20 ip 10.20.0.1

Second switch:
Int VLAN 10
IP address 10.10.0.200 255.255.255.0
Standby 10 ip 10.10.0.1
Int VLAN 20
IP address 10.20.0.200 255.255.255.0
Standby 20 ip 10.20.0.1
Standby 20 priority 150
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GLBP 


• Cisco proprietary protocol 

• Provides Router redundancy with load balancing 

• Routers group together to work as one virtual router 

• Group is identified by Group ID 

• Range 0 - 1024 (default is 0) 

• A group has two types of router

• AVG 

• AVF 
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• AVG 

• Active Virtual Gateway 

• Reply for ARP coming for Virtual IP 

• Divides load among AVF 

• One Per group 

• AVF 

• Active Virtual Forwarder 

• Forwards user traffic coming for Virtual MAC 

• There can be up to four forwarders per group
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GLBP Elections 


• GLBP has two elections per group

• Active Virtual Gateway

• Router with highest priority (default 100)

• Router with highest physical IP

• Only one AVG per group

• Elections are non-preemptive

• Active Virtual Forwarder

• Router with highest weight (default 100)

• Router with highest physical IP

• Up to four AVFs per group

• Elections are preemptive
[Figure: GLBP. The host (IP 192.168.1.1, GW 192.168.1.150) sends ARP requests for the gateway; the AVG/AVF (IP 192.168.1.100) and the AVF (IP 192.168.1.200) each own a virtual MAC address, and the ARP replies map 192.168.1.150 to different virtual MAC addresses]
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• The Virtual Switching System (VSS) allows two Cisco Catalyst 6500 or 4500 to combine 
together as one mega switch 


• Other devices will see the VSS configured 6500 as a single device 

• Two switches will be combined by using a special link called a Virtual Switch Link (VSL).

[Figure: Virtual Switch Domain. Switch 1 + Switch 2, joined by a Virtual Switch Link, form the VSS, a single logical switch]
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Without VSS 
[Figure: distribution and access layers divided into switch blocks]

Recommended Switch Security 


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• Configure Secure Passwords 

• Configure basic ACLs 

• Secure physical access to the console 

• Secure access to VTYs 

• Configure system warning banners 

• Disable unneeded services 

• SSH 
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AAA 
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• Authentication 

- Verifies a user's identity

• Authorization 

- Specifies the permitted tasks for the user 

• Accounting 

- Provides billing, auditing and monitoring 



AAA in a Nutshell 
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• Authentication provides the method of identifying users. 

The most common method of authentication is username/password. 

• Authorization provides a method of controlling access to what a user can do. 

Authorization is usually tied to a policy, profile or group. 

• Accounting provides a method for collecting and sending security server information used for 
billing, auditing, and reporting. 

Accounting collects data as to what a user did once logged in 
Authentication: Who are you?

Authorization: Which resources is the user allowed to access, and which operations is the user allowed to perform?

Accounting: What did you spend it on?




AAA 
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• AAA can be implemented with the help of two protocols 

• RADIUS

• TACACS+
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To enable AAA 
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• Switch(conf)#aaa new-model 

• Switch(conf)#aaa authentication login default group radius 

• Switch(conf)#radius-server host 192.168.0.1 key zooml23 

• Switch(conf)#line vty 0 4 

• Switch(conf-line)#login authentication default 



Switch Attack Categories 
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• MAC Flooding Attack 

A MAC flooding attack is a type of attack in which a switch port receives a large number of frames with fake MAC addresses.

• VLAN Hopping Attack

VLAN hopping (virtual local area network hopping) is a method of attacking a network by sending packets to a port that is not normally accessible from a given end system.

• Spoofing Attacks

Switch spoofing can occur when the switch port an attacker connects to is either in trunking mode or in DTP auto-negotiation mode.
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MAC Flooding Attacks 
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Network Access Port Security 
[Figure: host on port Fa0/2 in VLAN 10]

Switch(c)#interface fa 0/2
Switch(c-if)#switchport port-security
Switch(c-if)#switchport port-security max 1
Switch(c-if)#switchport port-security mac-address 0000.0000.000a
Switch(c-if)#switchport port-security violation <shutdown | protect | restrict>



Verification of port security 
Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
Fa5/1             11            11               0          Shutdown
Fa5/5             15             5               0          Restrict
Fa5/11             5             4               0          Protect
Total Addresses in System: 21
Max Addresses limit in System: 128
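An added example (not from the original slides) that models the three violation actions and replays constructed traffic against a port configured as above, with a maximum of 1 and the secure address 0000.0000.000a. The unknown source addresses are constructed; the model follows the usual IOS behaviour in which protect drops silently, restrict drops and counts, and shutdown err-disables the port.

```python
"""Port security violation modes replayed against a MAC flood (added example)."""
from dataclasses import dataclass, field

MODES = ("shutdown", "restrict", "protect")


def norm(mac):
    """Normalise '0000.0000.000a' style notation to 12 lowercase hex digits."""
    digits = mac.lower().replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits


@dataclass
class SecurePort:
    maximum: int = 1
    violation: str = "shutdown"
    secure: set = field(default_factory=set)     # configured plus dynamically learned
    violations: int = 0                          # the SecurityViolation counter
    err_disabled: bool = False
    log: list = field(default_factory=list)      # this model's own event log

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"violation mode must be one of {MODES}")
        self.secure = {norm(m) for m in self.secure}
        if len(self.secure) > self.maximum:
            raise ValueError("more secure addresses than the maximum allows")

    def receive(self, src):
        """Return True when a frame from source MAC src is forwarded."""
        if self.err_disabled:
            return False                         # port is down until re-enabled
        mac = norm(src)
        if mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure.add(mac)                 # dynamic learning up to the maximum
            return True
        if self.violation == "protect":
            return False                         # silent drop: no counter, no log
        self.violations += 1
        self.log.append(f"violation by {mac} ({self.violation})")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False


def constructed_flood(count=50):
    """Constructed traffic: the legitimate host interleaved with unknown sources."""
    frames = ["0000.0000.000a"]
    for i in range(count):
        frames.append(f"0200.0000.{i:04x}")      # constructed unknown source
        frames.append("0000.0000.000a")
    return frames


def table_size_without_port_security(frames):
    """MAC table entries an unprotected port would learn from the same traffic."""
    return len({norm(f) for f in frames})


def replay(mode, frames, maximum=1):
    """Feed frames to a port in the given violation mode and summarise the result."""
    port = SecurePort(maximum=maximum, violation=mode, secure={"0000.0000.000a"})
    forwarded = sum(port.receive(f) for f in frames)
    return {
        "forwarded": forwarded,
        "dropped": len(frames) - forwarded,
        "violations": port.violations,
        "err_disabled": port.err_disabled,
        "secure_addresses": len(port.secure),
    }


if __name__ == "__main__":
    traffic = constructed_flood()
    print("unprotected table size:", table_size_without_port_security(traffic))
    for mode in MODES:
        print(f"{mode:9}", replay(mode, traffic))
```

The SecurityViolation column of show port-security only moves in the restrict and shutdown modes, so a port left in protect mode gives no counter to alert on.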
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VLAN Hopping 
[Figure: VLAN hopping. Labels: Hacker, Trunk, Fa0/3, Fa0/2, Trunk, VLAN 10]




Types of ACLs

[Figure: router ACLs (RACLs) applied at the router, an input RACL on VLAN 10 and an output RACL on VLAN 20, and VLAN ACLs (VACLs) applied within VLAN 10 and VLAN 20]
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VLAN Access List 
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• Used to filter traffic within one Vlan 

• It is configured using access-map 

• It is implemented per VLAN 

• It can filter traffic based on MAC addresses

• Extended MAC list is Required 



Vlan Access-list 
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Creating Extended MAC ACCESS list 
s(c)#mac access-list extended zoom 

s(c-ext-macl)#permit 0000.0000.000a 0000.0000.0000 0000.0000.000b 0000.0000.0000 

Creating Access-map 
s(c)#vlan access-map V10 10 
s(c-access-map)#match mac address zoom 
s(c-access-map)#action drop | forward 

Implementing 

s(c)#vlan filter V10 vlan-list 10
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Switchport Protected 
Protected port is a feature on Cisco switches that is used to prevent interfaces from communicating with each other.




DHCP Spoofing 
• DHCP spoofing is a type of attack in which the attacker listens for DHCP requests from clients and answers them with a fake DHCP response before the authorized DHCP response reaches the clients.

• The fake DHCP response often gives the attacker's IP address as the client's default gateway, so all the traffic sent from the client goes through the attacker's computer and the attacker becomes a "man-in-the-middle".

• The attacker has ways to make sure the fake DHCP response arrives first. If the attacker is "closer" than the DHCP server, he doesn't need to do anything. Or he can DoS the DHCP server so that it can't send the DHCP response.
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DHCP Spoofing Attacks 
[Figure: DHCP spoofing attack between a client, the legitimate DHCP server and a rogue DHCP attacker]
• Client: "I need an IP address/mask, default gateway, and DNS server."
• Rogue: "Here you go, I might be first!"
• Legitimate: "Here you go."
• Client: "Got it, thanks!"
• Client: "Already got the info."
• All default gateway frames and DNS requests sent to Rogue.
• Rogue: "I can now forward these on to my leader."


DHCP Snooping
• Cisco Catalyst feature that determines which
switch ports can respond to DHCP requests.

• Trusted ports can source all DHCP messages,
while untrusted ports can source requests only.
Untrusted ports should not send any DHCP server responses,
such as DHCPOFFER, DHCPACK, or DHCPNAK.

• If a rogue device on an untrusted port attempts
to send a DHCP response packet into the
network, the port is shut down.
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DHCP Snooping 
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DHCP Snooping Configuration 
Switch(config)#ip dhcp snooping
• Enable DHCP snooping globally

Switch(config)#ip dhcp snooping information option
• Enable DHCP Option 82 data insertion

Switch(config-if)#ip dhcp snooping trust
• Configure a trusted interface

Switch(config)#ip dhcp snooping vlan number [number]
• Enable DHCP snooping on the listed VLANs
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DHCP Snooping Configuration 
Switch(config)#ip dhcp snooping
(enable DHCP snooping globally)

Switch(config-if)#ip dhcp snooping trust
(configure trusted interface)

Switch(config)#ip dhcp snooping vlan number [number]
(enable DHCP snooping on VLANs)



Verification of DHCP Snooping
Switch#show ip dhcp snooping
• Verify the DHCP snooping configuration

Switch#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP Snooping is configured on the following VLANs:
    10 30-40 100 200-220
Insertion of option 82 information is enabled.
Interface            Trusted    Rate limit (pps)
FastEthernet2/1      yes        none
FastEthernet2/2      yes        none
FastEthernet3/1      no         20
Switch#










Dynamic ARP Spoofing
• ARP spoofing is a type of attack where the attacker sends fake ARP messages to
implement man-in-the-middle attacks.

• Dynamic ARP inspection prevents ARP spoofing by checking all ARP requests and 
ARP replies. 

• DHCP snooping must be configured before enabling DAI. 

• Dynamic ARP Inspection uses DHCP snooping binding 
table to protect against ARP spoofing attacks. 

• The switch checks the MAC to IP binding in the ARP reply with the DHCP snooping 
database. 

• Drops invalid ARP replies. 



ARP Spoofing
[Figure: ARP spoofing between three hosts on one segment]
• Host A: IP 10.1.1.2, MAC A.A.A.A
• Host B: IP 10.1.1.3, MAC B.B.B.B
• Host C: IP 10.1.1.1, MAC C.C.C.C

1. ARP Request: MAC for 10.1.1.1?
2. Legitimate ARP Reply: 10.1.1.1 = C.C.C.C
3. Subsequent spoofed ARP replies overwrite the legitimate replies:
   IP 10.1.1.1 bound to B.B.B.B
   IP 10.1.1.2 bound to B.B.B.B

ARP Table in A
10.1.1.1 = MAC B.B.B.B

ARP Table in B
10.1.1.1 = MAC C.C.C.C
10.1.1.2 = MAC A.A.A.A
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Dynamic ARP Inspection 
[Figure: Dynamic ARP Inspection. The switch acts as inspector and checks the ARP requests and ARP replies exchanged between the client 10.1.1.26 and the host 10.1.1.1 against the DHCP snooping binding table (columns: IP Addr, VLAN, MAC, Lease Time, Port, Checksum).]



Dynamic ARP Inspection 
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Configure DAI on switch: 

Switch(config)#ip arp inspection vlan <vlan-range>
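The snooping and inspection checks described above, as an added Python model that is not part of the original slides. Class, method and port names and the Cisco-style MAC strings are constructed for illustration; host C is assumed to sit behind the trusted port, and the model only returns a drop verdict for an offending message (the port-level response is not modelled).

```python
"""Toy model of DHCP snooping feeding Dynamic ARP Inspection (illustration only)."""
from dataclasses import dataclass, field

# Server-side DHCP messages that untrusted ports must not source.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class SnoopingSwitch:
    snooping_vlans: set
    dai_vlans: set
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # client MAC -> (vlan, port)
    bindings: dict = field(default_factory=dict)   # (vlan, ip) -> (mac, port)

    def __post_init__(self):
        # DAI validates against the snooping binding table, so this model
        # rejects a setup where a DAI VLAN is not covered by snooping.
        uncovered = self.dai_vlans - self.snooping_vlans
        if uncovered:
            raise ValueError(f"DAI without DHCP snooping on VLANs {sorted(uncovered)}")

    def dhcp(self, port, vlan, msg_type, client_mac, offered_ip=None):
        """Return 'forward' or 'drop' for one DHCP message arriving on a port."""
        if vlan not in self.snooping_vlans:
            return "forward"
        trusted = port in self.trusted_ports
        if msg_type in SERVER_MESSAGES:
            if not trusted:
                return "drop"                      # server reply from an untrusted port
            if msg_type == "DHCPACK" and client_mac in self.pending:
                c_vlan, c_port = self.pending.pop(client_mac)
                self.bindings[(c_vlan, offered_ip)] = (client_mac, c_port)
            return "forward"
        if msg_type == "DHCPREQUEST" and not trusted:
            self.pending[client_mac] = (vlan, port)  # remember where the client sits
        return "forward"

    def arp(self, port, vlan, sender_ip, sender_mac):
        """Return 'forward' or 'drop' for one ARP request or reply."""
        if vlan not in self.dai_vlans or port in self.trusted_ports:
            return "forward"
        bound = self.bindings.get((vlan, sender_ip))
        # Valid only if the snooping table binds this IP to this MAC.
        return "forward" if bound and bound[0] == sender_mac else "drop"


def demo():
    """Replay the ARP spoofing slide: A=10.1.1.2, B=10.1.1.3, C=10.1.1.1."""
    a, b, c = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb", "cccc.cccc.cccc"  # constructed MACs
    sw = SnoopingSwitch(snooping_vlans={10}, dai_vlans={10}, trusted_ports={"Gi1/1"})
    out = {}
    # Hosts A and B obtain leases from the legitimate server behind trusted Gi1/1.
    sw.dhcp("Fa0/1", 10, "DHCPREQUEST", a)
    out["legit_ack"] = sw.dhcp("Gi1/1", 10, "DHCPACK", a, "10.1.1.2")
    sw.dhcp("Fa0/2", 10, "DHCPREQUEST", b)
    sw.dhcp("Gi1/1", 10, "DHCPACK", b, "10.1.1.3")
    # A server reply sourced from B's untrusted access port.
    out["rogue_offer"] = sw.dhcp("Fa0/2", 10, "DHCPOFFER", a, "10.1.1.50")
    # ARP: legitimate from A, two spoofed bindings from B, host C on the trusted port.
    out["arp_a_own_ip"] = sw.arp("Fa0/1", 10, "10.1.1.2", a)
    out["arp_b_claims_c"] = sw.arp("Fa0/2", 10, "10.1.1.1", b)
    out["arp_b_claims_a"] = sw.arp("Fa0/2", 10, "10.1.1.2", b)
    out["arp_c_trusted"] = sw.arp("Gi1/1", 10, "10.1.1.1", c)
    return sw, out


if __name__ == "__main__":
    switch, results = demo()
    for name, verdict in results.items():
        print(f"{name:18} {verdict}")
    print(switch.bindings)
```

Both spoofed replies from the slide (10.1.1.1 and 10.1.1.2 bound to B.B.B.B) are dropped because no snooping binding matches them, while A's own ARP traffic passes.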
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Private Vlan 
[Figure: private VLAN. VLAN 10 is the primary VLAN; host address 192.168.1.100.]





Private Vlan
• Private VLAN = VLAN inside of a VLAN

• Private VLANs are mainly used in service provider networks.

• A private VLAN is the combination of a primary and a secondary VLAN.

• Primary VLANs are the same as normal VLANs.

Private Vlan
Secondary VLANs work in two modes:

• Community: ports belonging to this VLAN can communicate with each other

• Isolated: ports belonging to this VLAN will not communicate with each other

A port assigned to a private VLAN works in one of two modes:

• Host: belongs to one private VLAN

• Promiscuous: belongs to multiple private VLANs



Storm Control
Storm control is a method of controlling the traffic on a particular interface.
There are 3 kinds of traffic you can manage on the interface:
• Unicast
• Multicast
• Broadcast
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Switch Path 
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Ether Channel 


• Logical aggregation of similar links 

• Viewed as one logical port 

• Switch-level load balancing 

• Redundancy 

• Can be used between a switch and another switch, a router, a firewall or a server

Note:
Only similar physical links with the same configuration can be aggregated.
A maximum of 8 similar links can be bundled (depends on hardware).
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Ether Channel 
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• Ether channel configuration can be done in two ways 

* Static (always On mode) 

• Dynamic (using PAgP, LACP) 
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Configuring EtherChannel 


• EtherChannel must be supported. 

• Speed and duplex must match. 

• VLAN match - All interfaces are in the same VLAN. 

• Range of VLAN - Same range on all interfaces. 
[Figure: SW1 and SW2 with the speed, duplex and VLAN settings of both ports on each switch; caption: EtherChannel not formed.]



Port and Link Aggregation
• Port Aggregation Protocol (PAgP)

• Cisco-proprietary protocol

• PAgP has two modes: Desirable / Auto

• Link Aggregation Control Protocol (LACP)

• Defined in IEEE 802.3ad

• LACP has two modes: Active / Passive
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Configuring PAgP 
Switch(config)#interface type <mod/num>

Switch(config-if)#channel-protocol <pagp/lacp>

Switch(config-if)#channel-group <no> mode {on | auto | desirable | active | passive}

• Configures the interface in a port-channel and specifies the PAgP mode



Verifying EtherChannel
Switch#show running-config interface port-channel num

• Displays port-channel information

Switch#show running-config interface Interface x/y

• Displays interface information

Switch#show run interface port-channel 1
Building configuration...
Current configuration:
!
interface Port-channel1
 no ip address
 no ip directed-broadcast
end

Switch#show run interface gig 0/9
Building configuration...
Current configuration:
!
interface GigabitEthernet 0/9
 no ip address
 channel-group 1 mode desirable
end
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Verifying EtherChannel (Cont.) 
Switch#show etherchannel num port-channel

• Displays port-channel information after configuration

Switch#show etherchannel 1 port-channel
Port-channels in the group:

Port-channel: Po1

Age of the Port-channel = 01d:01h:31m:38s
Logical slot/port = 1/0          Number of ports = 2
GC                = 0x00020001   HotStandBy port = null
Port state        = Port-channel Ag-Inuse

Ports in the Port-channel:

Index   Load   Port     EC state
------+------+--------+--------------
  0     00     Gi0/9    desirable-sl
  0     00     Gi0/10   desirable-sl

Time since last port bundled: 00d:20h:04m:38s Gi0/9



Ether Channel Load balancing 
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• Data sent across an Ether Channel is not load-balanced equally among all interfaces. 

• Ether Channel utilizes a load-balancing algorithm, which can be based on several forms 
of criteria, including: 
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Ether Channel Load balancing 
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• Source IP Address (src-ip) 

• Destination IP Address (dst-ip) 

• Both Source and Destination IP (src-dst-ip) 

• Source MAC address (src-mac) 

• Destination MAC address (dst-mac) 

• Both Source and Destination MAC (src-dst-mac) 

• Source TCP/UDP port number (src-port) 

• Destination TCP/UDP port number (dst-port) 

• Both Source and Destination port number (src-dst-port) 



Configuring EtherChannel Load Balancing
Switch(config)#port-channel load-balance type

• Configures EtherChannel load balancing
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Simple Network Management Protocol 
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• SNMP is a protocol used for network management, i.e. to monitor and configure 
devices on IP networks. 

• SNMP works in Application Layer (Layer 7) 

• SNMP uses UDP 

• SNMP uses port No. 161 
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SNMP Components 
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• SNMP MANAGER 

• SNMP AGENT 



SNMP Functions 
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• Monitor Network Performance 

• Audit Network Usage 

• Detect Network Faults 

• Detect Inappropriate access 

• Configure remote devices 
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SNMP Manager 


• SNMP Manager is software that collects information from network devices.

• SNMP Manager is installed on a workstation or PC to manage the network. We call this
PC or workstation the Network Management System.

• Ex: PRTG, Cisco Prime, SolarWinds



SNMP Manager 
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SNMP Agent 
• SNMP Agent is the software that is installed on managed network devices such as a
Router (or) Switch (or) Server (or) PC.

• Agents collect information and send it to the monitoring station whenever it is
asked for.

• Agents are usually built into your network hardware and software. They simply need to
be enabled.



SNMP Agent
• In the polling method, the SNMP Manager continuously asks a network device to report the
statistics of the device.

• Example: Interface status of a router.

• The request is sent from the SNMP Manager to the Agent.

• A trap is where a device reports an event to the NMS, for example whenever high CPU utilization, high
memory utilization or link down is detected.
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SNMP Modes 


• Read - Only Mode: 

• used to retrieve information from network devices. 
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• Read - Write Mode 

• Used to retrieve the information from network devices as well as to configure the 
devices. 



Management Information Base 
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• Management Information Base (MIB) contains collection of information which is 
organized hierarchically. 

• Management Information Base contains- 

• Object name 

• Object Identifier 

• Read/Only or Read/Write Type 
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Object ID structure 
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SNMP Versions 
• SNMP V1

• SNMP V2

• SNMP V3
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SNMP Version 1 


• It is the initial version of the SNMP protocol.

• Data is sent in clear text format.

• It should be used in private networks only.

• It uses the community string to authenticate the peers.

• Uses Get Request to retrieve information about a particular object.



SNMP Version 2 
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• SNMP Version 2 is the enhanced version of SNMP. 

• Improved Error Handling and Error Reporting 

• Get Bulk Request command is used to retrieve the information . 

• It also uses community string to authenticate the peers. 
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SNMP Version 3 
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• Provides secure access using authentication and encryption. 

• Consumes more CPU memory compared to other versions. 

• It defines 3 Security levels. 



SNMP configuration 


Requirement: 
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• Configure SNMP on your router or switch 

• Router(config)#snmp-server enable traps 

• Router(config)#snmp-server host 192.168.0.50 version 2c public

• Router(config)#snmp-server location Hyderabad 

• Router(config)#snmp-server contact zoomgroups 
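SNMP v1 and v2c send the community string unencrypted, which the following added Python example (not from the original slides) makes visible by decoding the BER header of an SNMP message taken from a UDP/161 payload. The function names, the finding labels and the sample packets built by `build_sample` are assumptions constructed for illustration.

```python
"""Inspect the cleartext header of an SNMP message (BER-encoded UDP/161 payload)."""

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}            # value of the version INTEGER
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}
WELL_KNOWN = {b"public", b"private"}               # widely used default communities


def tlv(tag, value):
    """Encode one BER tag-length-value with short- or long-form length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def read_tlv(buf, pos):
    """Decode one BER TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def inspect_snmp(payload):
    """Return version, community, PDU type and findings for one SNMP message."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing, not an SNMP message")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")
    info = {"version": VERSIONS.get(version, f"unknown({version})"),
            "community": None, "pdu": None, "findings": []}
    if version == 3:
        return info                                # v3 has no community string field
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = read_tlv(body, pos)
    info["community"] = community.decode("ascii", "replace")
    info["pdu"] = PDU_NAMES.get(pdu_tag, hex(pdu_tag))
    info["findings"].append("community string sent in clear text")
    if community in WELL_KNOWN:
        info["findings"].append("well-known community string")
    if pdu_tag == 0xA3:
        info["findings"].append("write request authenticated only by community")
    return info


def build_sample(version, community, pdu_tag):
    """Construct a header-accurate sample message (constructed data, not a capture)."""
    oid = bytes.fromhex("2b06010201010100")        # 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


if __name__ == "__main__":
    for sample in (build_sample(1, b"public", 0xA0), build_sample(0, b"private", 0xA3)):
        print(inspect_snmp(sample))
```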
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What is Syslog 
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• Syslog is a standard for message logging. 

• Syslog is a network management protocol which allows network devices to report 
error and notification messages either locally (or) to a remote syslog server. 

• Syslog messages are sent in plain text using UDP port No. 514. 
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What is Syslog 
[Figure: syslog messages are sent to the syslog server; the syslog server sends alerts to administrators; administrators check the syslog messages for troubleshooting/monitoring.]



Syslog Components 
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• Syslog Server 

• A host that accepts and processes log messages from 1 or more syslog clients. 

• Syslog Client 

• A host that generates log messages and forwards them to a syslog server. 

• Ex: Router, switch, firewall, modem 
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Syslog Message Format 
%SYS-5-CONFIG_I: Configured from console by console

• Facility: SYS
• Severity: 5
• Mnemonic: CONFIG_I



Configure syslog 


Requirement: 
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• Configure syslog server to store the messages in a server. 

• R1(config)#logging on

• R1(config)#logging 192.168.0.50

• R1(config)#logging trap 4

• Verification:

• R1#show logging
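The message format and the effect of the trap level, as an added Python example that is not part of the original slides: it parses `%FACILITY-SEVERITY-MNEMONIC` messages and lists which ones a given `logging trap` level keeps from the syslog server. The function names are assumptions, and every sample line except the message text quoted on the slide is constructed.

```python
"""Parse Cisco-style syslog messages and apply a `logging trap` severity cut-off."""
import re

SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
            4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# %FACILITY-SEVERITY-MNEMONIC: text   (any timestamp prefix is skipped by search())
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): ?(?P<text>.*)")

# Constructed sample lines; only the first message text appears on the slide.
SAMPLE = [
    "*Mar  1 00:12:31.123: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar  1 00:13:02.417: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:13:05.902: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0000.0000.000b on port FastEthernet0/2.",
    "*Mar  1 00:13:09.000: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/2, vlan 10.",
    "not a syslog line",
]


def parse(line):
    """Return the message fields as a dict, or None if the line has no %FAC-SEV-MNEMONIC."""
    m = MSG_RE.search(line)
    if not m:
        return None
    sev = int(m.group("severity"))
    return {"facility": m.group("facility"), "severity": sev, "level": SEVERITY[sev],
            "mnemonic": m.group("mnemonic"), "text": m.group("text")}


def sent_to_server(msg, trap_level):
    """A message is forwarded when its severity number is <= the trap level."""
    return msg["severity"] <= trap_level


def suppressed(lines, trap_level):
    """List FACILITY-SEVERITY-MNEMONIC of messages that never reach the server."""
    out = []
    for line in lines:
        msg = parse(line)
        if msg and not sent_to_server(msg, trap_level):
            out.append(f"{msg['facility']}-{msg['severity']}-{msg['mnemonic']}")
    return out


def lowest_trap_level_for(lines, mnemonics):
    """Smallest trap level that still forwards every wanted mnemonic seen in lines."""
    wanted = [m["severity"] for m in map(parse, lines) if m and m["mnemonic"] in mnemonics]
    return max(wanted) if wanted else None


if __name__ == "__main__":
    print("kept from server at trap 4:", suppressed(SAMPLE, 4))
    print("trap level needed for CONFIG_I:", lowest_trap_level_for(SAMPLE, {"CONFIG_I"}))
```

At trap level 4 the severity-5 `CONFIG_I` configuration-change message from the slide stays on the device, so a server that should record configuration changes needs the trap level raised to 5.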
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Telnet vs SSH 
Telnet                        SSH
Port No. 23                   Port No. 22
Uses TCP                      Uses TCP
Not Secured                   Secured
Works in Application Layer    Works in Application Layer
(Layer 7)                     (Layer 7)
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Telnet vs SSH 


Telnet
• Telnet is a protocol which allows you to access any device remotely.
• It sends the data in Clear-Text format.

SSH
• SSH is a protocol which allows you to access any remote device securely.
• It sends the data in Encrypted format.



SSH configuration 


Requirement: 
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• Configure SSH on SW1. 

• SW1(config)#hostname ssh

• SW1(config)#ip domain-name zoom.com

• SW1(config)#crypto key generate rsa

• SW1(config)#line vty 0 4

• SW1(config-line)#transport input ssh

• SW1(config-line)#login local

• SW1(config-line)#password zoom

• SW1(config-line)#exit

• Verification:

• SW1#show ip ssh
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NTP 


• Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) is the global
standard for time representation.

• Most network-enabled devices have two clock sources:

• Hardware clock

• Software clock
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NTP 
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• NTP provides accurate timing services to each and every network enabled device. 

• It provides automatic synchronization of device clock with one or more time 
servers which provide accurate time. 

• NTP uses UDP port number 123 . 
• NTP servers are described in terms of stratum (hierarchical levels).

• Stratum defines the accuracy of the clock. The most accurate clock is referred to as the
reference clock or stratum 0 clock.

• Each NTP server is assigned a stratum one higher than the upstream device with which it is
synchronized.
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NTP Configuration 
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• NTP can be disabled on a particular interface 

• Router(config-if)# ntp disable 

• Configure NTP in Cisco Device- 

• R(config)# ntp source <interface> 

• R(config)# ntp authenticate 

• R(config)# ntp authentication-key <number> md5 <key> 

• R(config)# ntp trusted-key <key-number> 

• R(config)# ntp server <ip-address> key <key-id> 
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IP SLA 


• IP SLA is a technology from Cisco that actively monitors traffic to measure the 
performance of the network. 

• Performance of the network can be measured by using following parameters 

- Jitter 

- Latency 

- Packet Loss 
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Configure SLA 


Configure SLA on Router

• R(config)# ip route 0.0.0.0 0.0.0.0 s0/0 track 1

• R(config)# ip route 0.0.0.0 0.0.0.0 s0/1 20

• R(config)# track 1 rtr 1

• R(config)# ip sla 1

• R(config-ip-sla)# icmp-echo 30.1.0.1    <destination IP>

• R(config-ip-sla-echo)# frequency 5

• R(config-ip-sla-echo)# exit

• R(config)# ip sla schedule 1 start-time now life forever

• R(config)# end

• R# show ip sla statistics
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DHCPV4 
• DHCP is a dynamic way of assigning network configuration parameters to clients.

• DHCP uses port numbers 67 and 68.

• DHCP uses the DORA process.

• DHCP uses broadcast packets.

1. DHCP client broadcasts discover message.
2. DHCP server unicasts offer message.
3. DHCP client responds with request message.
4. DHCP server completes the process with acknowledgment message.
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Configuring a router as a DHCP server 
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• Requirement: 


• Configure R1 router as the DHCP server.

• Assign an IP address on the LAN interface of the R1 router.

• R1(config)#interface fastethernet 0/0

• R1(config-if)#ip address 192.168.5.1 255.255.255.0

• R1(config-if)#no shutdown

• R1(config)#ip dhcp pool zoom

• R1(dhcp-config)#network 192.168.5.0 255.255.255.0

• R1(dhcp-config)#default-router 192.168.5.1

• R1(dhcp-config)#dns-server 192.168.5.1

• R1(dhcp-config)#end

• R1(config)#ip dhcp excluded-address 192.168.5.1

• R1(config)#ip dhcp pool zoom

• R1(dhcp-config)#lease 1

• Verification:

• R1#show ip dhcp binding
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DHCP Relay Agent 


• DHCP Relay Agent forwards DHCP messages between DHCP clients and DHCP servers
which reside on different IP networks.

• By default a router will not forward broadcasts; the DHCP relay agent converts broadcast
packets into unicast packets.







To Configure a router as a DHCP Relay Agent 
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Router(config-if)# ip helper-address <DHCP server IP address> 
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SPAN and RSPAN 
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• Switched Port Analyzer (SPAN) is also called Port Monitoring; used for Network 
Analysis. 

• SPAN allows you to select one or more ports for analysis . 

• SPAN is used to monitor devices on only one switch. 

• Remote SPAN is used to monitor devices on more than one switch . 



SPAN Configuration
• Switch(config)#monitor session 1 source interface fa0/2

• Switch(config)#monitor session 1 destination interface fa0/1
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RSPAN Configuration 
SW1(config)#vlan 100
SW1(config-vlan)#remote-span
SW2(config)#vlan 100
SW2(config-vlan)#remote-span

SW1(config)#monitor session 1 source interface fastEthernet 0/1
SW1(config)#monitor session 1 destination remote vlan 100
SW2(config)#monitor session 1 source remote vlan 100
SW2(config)#monitor session 1 destination interface fastEthernet 0/2
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Agenda 
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What is Network Monitoring 

Why Monitor Your Network..? 

Where it is used

How it works 

Functions 

About PRTG. 

Some practical things 
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What is Network Monitoring? 
• Network monitoring means continuously monitoring a network's
performance:

• Bandwidth utilization, 

• Packet loss, 

• Latency(Delay) 

• availability and uptime 



Why Need To Monitor Network.? 
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• Optimize network reliability 

• Visualize network topology 

• Stay in touch with your network 

• Understand capacity utilization 

• Troubleshoot device and traffic issues 

• Save time in network administration 

• Track trends 

• Improve the bottom line 
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Function of network monitoring 
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• Administrators need to know what's happening on their networks at all times 

• Track Network performance 

• Diagnose problems quickly. 

• Keep Record of historical information 

• Intelligent notifications (via SMS and mail) 

• Save Time & Money.... 



About Network Monitoring Tool? 
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• There are so many network monitoring tools available on global platform. 

• Some of them are free and some are paid. 

• Free tools have some limitations. It can't give us deep performance 
information about network. 
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Paessler Router Traffic Grapher 
PRTG is network monitoring software from Paessler AG. PRTG runs on Windows and monitors
network availability and network usage using SNMP, packet sniffing, WMI, IP SLAs, NetFlow
and various other protocols.



Installation 
[Screenshot: Windows User Account Control prompt for the program PRTG Network Monitor, verified publisher Paessler AG.]
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PRTG Network Monitor 



[Screenshot: PRTG Network Monitor login page offering the AJAX Web GUI (all features, optimized for desktop access), the Mobile Web GUI (limited functionality, optimized for mobile access) and the Enterprise Console & Mobile Apps.]
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How It Works? 


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Getting started with PRTG Network Monitor 
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PRTG Network Monitor 
[Screenshot: PRTG Network Monitor Enterprise Console window.]
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Why Network Monitoring ? 



Saves Time 


Saves Money 


Offers Security 





PRTG Network Monitor consists of different parts which can be divided into three main 
categories: 


System parts

• Core Server

• Probe(s)

Control interfaces

• Ajax Web Interface

• Enterprise Console

• Mobile Web GUI

• Smartphone Apps
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Basic administration interfaces 


• PRTG Server Administrator 

• PRTG Probe Administrator 
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What is Wireshark 
Where it is used
How it works 
Some practical things 





• Network analysis is the process of capturing network traffic and inspecting it closely to
determine what is happening on the network.

• Wireshark is a network packet analyzer. A network packet analyzer tries to capture
network packets and display the packet data in as much detail as possible.

• Previously, packet analysis was very difficult and required expensive hardware.

• Wireshark is one of the best open source packet analyzers available.

• A packet analyzer is also known as a sniffer, network analyzer or protocol analyzer.



Who uses this tool, and where?
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• Network administrators use it to troubleshoot network problems 

• Network security engineers use it to examine security problems 

• Developers use it to debug protocol implementations 

• People use it to learn network protocol internals 

• Beside these examples Wireshark can be helpful in many other situations too. 
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Shark on wire 
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How it works? 
For Windows

- download (http://www.wireshark.org/download.html)

- install

- use
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Installation Process 
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STEP 2: 
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STEP : 8 




STEP : 9 
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Wireshark Graphical User Interface 


When you run the Wireshark program, the Wireshark graphical user interface shown in
Figure 2 will be displayed. Initially, no data will be displayed in the various windows.
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Troubleshooting Flow 
1. Problem Reporting
2. Problem Diagnosis
3. Problem Resolution
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Popular Troubleshooting Methods 


• Top-down method 

• Bottom-up method 

• Divide and Conquer method 

• Following the Traffic path 

• Comparing configurations 

• Component swapping 
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Follow the Traffic path method 
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Component swapping 
[Figure: component swapping, three panels]
• Swap Cable: Laptop A connected to Switch SW1 on Port 1
• Swap Switch Port: Laptop A connected to Switch SW1 on Port 2
• Swap Laptop: Laptop B connected to Switch SW1 on Port 1
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Network Maintenance 



• What is Network Maintenance? 

• Doing whatever is required to keep the network functioning and meeting the 
business needs of an organization. 

• It is a very important responsibility or duty of the Network Administrator 

• It could also be a response to a reported problem 

• Proactively performing regular scheduled maintenance tasks reduces problems 



Basic Network maintenance toolkit 
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• CLI Tools 

• GUI Tools 

• Backup tools 

• Logging Tools 

• Network Time Protocol 

• Network Documentation Tools 











Examples of Network Maintenance 


• Hardware and Software installation and configuration 

• Monitoring and Tuning Network performance 

• Network expansion planning 

• Documentation of Network changes 

• Compliance with legal regulations and corporate policies 

• Securing the Network from Internal and External threats 
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Common Elements in Network Documentation 
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• Logical Topology Diagram 

• Physical Topology Diagram 

• Interconnections list 

• Inventory of Network equipment 

• IP Address Assignment 

• Configuration Information 

• Original Design Document 
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EIGRP Troubleshooting 
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EIGRP Troubleshooting 
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• Interface is down 

• Mismatched Autonomous Systems 

• Incorrect Network Statement 

• Mismatched K Values 

• Passive Interface 

• Different Subnet 

• Authentication 

• ACL

• Timers 



OSPF Troubleshooting 
Users in branch office X are not able to access the resources on the 192.168.1.0/24 network
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OSPF Troubleshooting 
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• Interface is down 

• Interface not running the OSPF process. 

• Mismatched timers. 

• Mismatched area numbers 

• Mismatched area type 



OSPF Troubleshooting 
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• Different subnets 

• Passive interface 

• Mismatched authentication 

• ACL 

• MTU mismatch 

• Duplicate Router ID 

• Mismatched network types 
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OSPF troubleshooting 
• MTU mismatch:

• The maximum transmission unit of neighboring interfaces must match.

• Deliberately configure a different MTU on the interfaces of two routers sharing a link

• Router(config)#int s1/0

• Router(config-if)#ip mtu 100

• Verify

• Router#sh run interface s1/0

• After configuring, verify by giving the neighbor command

• The state will be ExStart



Redistribution 


[Figure caption: Users from the branch office cannot communicate with any resources outside the branch office.]







Redistribution 


• Distribute list 

• Route-maps 

• Metric 

• AS number 

• Process-id 

• Hop count 
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BGP Troubleshooting 
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BGP Troubleshooting 


• Interface is down 

• Layer 3 connectivity is broken 

• Incorrect neighbor statement 

• Incorrect network command 

• BGP packets are sourced from wrong IP address 

• Mismatched authentication

• Neighbor doesn't have a route 
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BGP Troubleshooting 
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• Next hop router is not reachable 

• BGP Split horizon 

• BGP Synchronization 

• Route Filtering 
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IPV6 Troubleshooting 
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Troubleshooting Trunks 
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• Encapsulation Mismatch 

• Incompatible Trunking modes 

• Native Vlan Mismatch 

• Allowed vlans 

• VTP domain name mismatch 
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Troubleshooting VTP 
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VTP Troubleshooting 
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• Domain name mismatch 

• Version mismatch 

• Mode mismatch 

• Password mismatch 
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VTP domain name mismatch 


• Sw_server(config)#vtp domain zoom.com 

• Sw_client(config)#vtp domain zoom.com 

Note: The domain name is only propagated at the beginning. If a switch's domain name is null, it joins the first domain it hears; once it is already part of a domain, it will not update the domain name. The change then has to be made manually, on the clients as well. 



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Troubleshooting VLANS 
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• Incorrect IP address 

• Missing vlan 

• Incorrect port Assignment 



STP Troubleshooting 
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• No Trunking connectivity 

• STP disabled 

• Portfast 

• BPDU Guard and BPDU filter 

• Loop Guard 



ETHERCHANNEL Troubleshooting 
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• Mismatched Port configurations 

• Mismatched Etherchannel Configuration 

• Mismatch of Protocol 



Inter Vlan Routing Troubleshooting 
Fa0/0.1: 192.168.5.1 

Fa0/0.2: 192.168.6.1 
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Inter Vlan Routing Troubleshooting 
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Switch Security 
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Switch Security Troubleshooting 
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• Port security configured but not enabled 

• A static MAC address was not configured correctly 

• The maximum number of MAC addresses has been reached, preventing access 

• Legitimate users are being blocked because of violation 

• Running configuration not saved to startup configuration 
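The first and third items in this list can be checked offline from a saved configuration. The following is an added example, not part of the original slides: it flags interfaces where port-security sub-options exist without the enabling `switchport port-security` line, and interfaces whose configured MAC entries already fill the allowed maximum. The configuration excerpt is constructed and the function name is hypothetical.

```python
import re

STATIC_MAC = re.compile(  # static or sticky entry that carries an actual MAC address
    r"switchport port-security mac-address (?:sticky )?[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

def audit_port_security(config):
    """Return {interface: [findings]} for interfaces that carry port-security lines."""
    blocks, intf = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            intf = raw.split(None, 1)[1].strip()
            blocks[intf] = []
        elif raw.startswith(" ") and intf:
            blocks[intf].append(raw.strip())
        else:
            intf = None  # "!" or any global line ends the interface block
    findings = {}
    for name, lines in blocks.items():
        ps = [l for l in lines if l.startswith("switchport port-security")]
        if not ps:
            continue
        issues = []
        if "switchport port-security" not in ps:  # sub-options alone do not enable it
            issues.append("configured but not enabled")
        m = re.search(r"^switchport port-security maximum (\d+)$", "\n".join(ps), re.M)
        maximum = int(m.group(1)) if m else 1  # IOS default is 1 without a maximum line
        pinned = sum(1 for l in ps if STATIC_MAC.match(l))  # configured entries only
        if pinned >= maximum:  # no slot left for any other device
            issues.append("maximum reached by configured MACs (%d/%d)" % (pinned, maximum))
        findings[name] = issues
    return findings

# Constructed running-config excerpt (not from the original slides).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky 00aa.bbcc.ddee
"""
```

Running the same audit against both the running and the startup configuration also covers the last item in the list: any difference in findings means the change was not saved.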



Troubleshooting FHRP 


FHRP Troubleshooting 
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• Group number 

• Same virtual IP address 

• Priority 

• Preemption 

• Interface tracking 
ABOUT US 


ZOOM Technologies India Pvt. Ltd. is a pioneering leader in network and security training, having trained over a hundred thousand engineers over the last two decades. 

We offer a world class learning environment, with state-of-the-art labs which are fully equipped with high-end routers, firewalls, servers and switches. All our courses are hands-on so you'll get much needed practical experience. 

The difference between us and the competition can be summed up in one simple sentence. Our instructors are real-time network professionals who also teach. 

Zoom has designed, developed and provided network and security solutions as well as training to all the big names in the Indian industry, for the public sector as well as corporate leaders. Some of our clients are: 

• TATA 

• BSNL 

• VSNL 

• Indian Railways 

• National Police Academy 

• Air Force Academy 

• IPCL - Reliance Corporation 

• CMC 

• British Army 

No other training institute can boast of a customer base like this. This is the reason for the resounding success of our networking courses. If you do not have the right skills, then get them now. Come, join the experts! 


Training Centers in Hyderabad, India. 

• Banjara Hills: HDFC Bank Building, 2nd Floor, Road #12, Banjara Hills, Hyderabad - 500 034, Telangana, India. Phone: +91 40 23394150. Email: banjara@zoomgroup.com 

• Ameerpet: # 203, 2nd Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500 016, Telangana, India. Phone: +91 40 39185252. Email: ameerpet@zoomgroup.com 

• Secunderabad: Navketan Building, 5th Floor, # 501, Secunderabad - 500 003, Telangana, India. Phone: +91 40 27802461. Email: mktg@zoomgroup.com 

• Dilsukhnagar: 1st Floor, # 16-11-477/B/1 & B/2, Shlivahana Nagar, Dilsukhnagar, Hyderabad - 500 060, Telangana, India. Phone: +91-40-24140011. Email: dsnr@zoomgroup.com 

Website: www.zoomgroup.com 


